The controller for the processing of your personal data in connection with this App is Valora Schweiz AG, Hofackerstrasse 40, CH-4132 Muttenz.

You can reach our company data protection officer at dataprivacy@valora.com or at our postal address with the addition of "the data protection officer".

Valora uses the data you provide primarily for the purpose of the proper operation of this App, as well as for the performance and processing of the App services (incl. customer satisfaction survey). You will find details in this chapter.

• Data collected during the registration process: During the registration process, we ask you for your first name, last name, date of birth, gender and cell phone number. We then generate an individual user ID for you. The processing of this data takes place for the fulfillment of the terms of use of this App and is necessary to enable your access to the App, the maintenance of your user account as well as contact point for purposes of direct communication (incl. customer satisfaction survey). We need your date of birth to send you birthday wishes and a small birthday surprise. Furthermore, we store your email address if you contact our customer service by email.
• Means of payment within the Payment Linked Loyalty programme (PLL): if you choose to register one or more means of payment in the app so that you can automatically collect points, stamps and other benefits in the future (without having to show the QR code in the app), we will process data relating to whichever registered means of payment you choose. We will store the type of payment method (e.g. VISA, MasterCard, etc.); if applicable, we will also store your partially masked card number (e.g. XXX XXX XXX1 234) as well as a so-called pseudonymous card token (an alphanumeric identification number created by the payment processor based on your card number). Furthermore, we will store in which of our sales outlets and at what time the registered means of payment was last used. This data is used solely for the purpose of enabling you to collect points and stamps more easily. You can delete the stored means of payment in your customer profile at any time. In this case, your payment method data will also be deleted from our systems. Furthermore, the data will be deleted if you delete your entire customer account.
• Analysis data regarding App usage: Your individual user profile is composed of the data you provided during registration (see above), your purchase data (location and time information, data on the products you are interested in, claiming of discounts or other offers) as well as other data regarding App usage (whether and when you used the App, which functions you accessed, etc.). Based on the user profiles of all App users, we can perform analyses that can map consumption behavior as well as consumption profiles. Such processing is done based on our legitimate interests to better understand user acceptance and to continuously optimize this App and our offerings. Depending on the analysis, your data will either be aggregated (and thus anonymized) or pseudonymized. In addition, data on the loyalty points collected in accordance with the terms of use is processed in order to enable Valora to operate the program and correctly allocate the loyalty points to the respective customers.
• Direct advertising: Based on the evaluation of your user profile, we can send you attractive offers and relevant information on products and promotions in the App. When setting up the App, you can choose whether you want to receive push notifications. You can adjust your selection at any time. You also have the option of subscribing to our newsletter. You can subscribe and unsubscribe to the newsletter via a separate link, which will be pointed out to you in the app.
• Sweepstakes within the App: In the case of sweepstakes promotions, we record which users have been provided with which promotions, which users have participated in which promotions, which users have won which prizes and which prizes they have redeemed. As part of your participation in one of our sweepstakes, it is further necessary that we process the following personal data from you: For the purpose of prize delivery, it may be necessary for us to collect your postal address. In the event of a win, we also use your cell phone number stored in the App to activate the prize in your customer account and/or to contact you directly. In addition, we can provide customer support if something does not work. The described data processing is carried out exclusively for the purpose of handling the respective promotion. We store data that we need exclusively for the proper processing of the promotion (e.g. address) for up to 2 months after dispatching the prize.
• Invitation to a friend to use the app (Tell-a-Friend): When sending an invitation to friends to use the App, Valora collects the cell phone number of the friend indicated and stores the cell phone number of said friend in the inviting user's user profile for a period of one month, provided that the cell phone number of the advertised friend is not already linked to an existing user account. If the invited friend registers during this one-month period via the invitation link sent via SMS, a voucher will be sent to the inviting user. If the friend does not register within the one-month period, the cell phone number will be deleted. The cell phone number of the invited friend will not be used for any other purpose.
• Sending a gift voucher to a friend (Gift-a-Friend): When sending a gift voucher to a friend via the SMS function, Valora collects the cell phone number of the friend indicated in order to check whether a user account has already been set up with this cell phone number. If the friend has already registered, the voucher is sent via the app, otherwise via SMS. Immediately afterwards, the friend's cell phone number is pseudonymized. The cell phone number of the friend receiving the gift will not be used for any other purposes.
• Data processing for fraud prevention: If we determine that a user has violated the terms of the loyalty program (e.g. by using another person's membership card to make purchases to collect points), we may suspend the user account in question. In this case, we store certain personal data (such as email address, phone number, user ID) to prevent the user from re-registering and to avoid future fraud. This processing is carried out on the basis of our legitimate interests in ensuring the integrity and security of the loyalty program.

When downloading this App, the relevant app store processes certain data related to the user and the user's device, such as: IP address, device identification numbers (IMEI, UDID, IMSI, MAC address), mobile number (MSISDN), name of the device, user-specific app store login data such as username / password.

Use of third party platforms is at your own risk. We have not reviewed the third party platforms and take no responsibility for how the providers process personal data. We recommend that you read the privacy statements of third-party platforms in advance.

• Sharing your data with other Valora companies: to the extent necessary to provide this App or for other legitimate interests of Valora, Valora will share your data with other members of the Valora group of companies.
• Transfer of personal data to third parties: Valora may transfer certain tasks and data to third parties engaged by it ("service providers") in order to enable the proper operation (e.g. carrying out the registration process), maintenance and various functionalities of this App, as well as to store the data. The service providers are data processors of Valora and are contractually bound to the processing purposes described herein. In particular, they may only process your data in the context of fulfilling their contractual obligations to Valora and their obligations under applicable law. If we are involved in a business combination (merger), joint venture, acquisition/sale of a business or sale of assets, we may disclose your data to any transaction partner for their further processing.
• Disclosure in connection with criminal proceedings: To the extent permitted by law, we may disclose information the disclosure of which is necessary or helpful to investigate or prevent an actual or suspected criminal offense or other violation of our rights or the rights of a third party.
• Aggregated and Anonymized Evaluation Data: Valora may share aggregated (aggregated) or non-personal (anonymized) data with the public and other partners. It is possible, for example, that Valora may publish such information in order to show trends regarding customer behaviour. However, you as a person are then no longer identifiable from this data.
   

All personal data stored will be retained by Valora (and / or by affiliated companies or third-party service providers on behalf of Valora) only for as long as is necessary for the use of the App, or to the extent permitted or required by law.

For example:

• Registration data is used for the duration of the existence of the user account. User accounts are deleted without request after two years of inactivity.
• We use analytics data for a period of four years.
• We store cell phone numbers of friends to whom the App has been recommended for a period of one month.

Data whose specified maximum processing duration has been reached is automatically deleted within one month.

However, aggregated or anonymized data, which no longer relate to individual users, may be processed beyond the specified period.

Data of blocked users: For users who have been blocked due to fraudulent activity, we store the relevant data (e.g. email address, phone number, user ID) for a period of two years from the date of blocking. This extended retention period is necessary to ensure that blocked users cannot re-register and continue the fraud. After the two-year period has expired, the data is automatically deleted, provided that there are no legal obligations for further retention.
 

• Withdrawal of consent: For those data processing operations to which you have given your consent, you have the right to revoke it at any time. Adjusting your personal settings can be done directly in the App. Since you can give your consent for different functionalities, if you revoke your consent, only the functionality for which you have revoked your consent will be disabled or restricted (e.g. push notifications). If you have subscribed to our newsletter, you can unsubscribe simply by clicking on the unsubscribe link in the newsletter.
• Objection: You can object to such data processing, which we carry out based on our legitimate interests, at any time.
• Right to information: You also have the right to find out from us what data we process about you, on what legal basis and for what purposes, as well as to request a free copy of your personal data.
• Right to rectification: If your data is incomplete or incorrect, you have the right to request rectification of your personal data. You can correct some information yourself in the App's customer center.
• Right to erasure: You have the right to have your personal data deleted under certain circumstances. In individual cases, the right to deletion may be excluded. You have the right to delete your customer account and the associated data yourself at any time. The final deletion of the customer account takes place 30 days after you have requested the deletion. We need this period of time to check the legal admissibility of the deletion request and to prevent fraud. Please note that uninstalling the App will not automatically erase your customer account and that your information will remain intact in case you decide to reinstall the App later on.
• Automated decisions: No automated individual decisions are made within the scope of this app that affect you in a legal or other significant way.
• If your account was blocked due to a violation of the terms and conditions of the loyalty program, certain data may be stored for a period of two years for fraud prevention purposes before it is permanently deleted. In individual cases, the right to erasure may therefore be restricted in this context.
   

If you wish to exercise your rights described above or have any other questions regarding the processing of your personal data, please contact our company data protection officer at dataprivacy@valora.com or at our postal address with the addition of "the data protection officer". To make it easier for our data protection officer to assign the inquiry as quickly as possible, your message should ideally have the reference "avec App".

If you have reason to believe that Valora is not processing your personal data in accordance with applicable laws and other regulations and/or if you do not agree with our response to your request to grant your rights, you may file a complaint with the supervisory authority.

We use the Google Firebase developer platform and its associated features and services provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google"). Google Firebase is a platform for developers of apps for mobile devices and websites. Google Firebase offers a variety of features, which are outlined on the following overview page: https://firebase.google.com/products/.
The functions include, among other things, the storage of apps including users' personal data, such as content created by you or information regarding your interaction with the apps. Google Firebase also offers interfaces that allow interaction between app users and other services.

The evaluation of the users' interactions is done with the help of the Firebase Analytics service. This service helps us to record the interactions of our users. For example, events such as the first opening of the app, uninstallation, update, crash or frequency of use of the app are recorded. Certain user interests are also recorded and evaluated in this way.

The information processed by Google Firebase may be used together with other Google services, such as Google Analytics and Google marketing services. In this case, only pseudonymous information, such as the Android Advertising ID or the Advertising Identifier for iOS, is processed to identify users' mobile devices. For more information about Google's use of data for marketing purposes, users can visit the overview page: https://www.google.com/policies/technologies/ads, Google's privacy policy is available at https://www.google.com/policies/privacy.

If you take part in one of our sweepstakes, which we conduct via the avec Bonus-App, it is necessary that we process certain personal data of yours in order to conduct the sweepstakes properly: For the purpose of the prize draw, the use of individual promotions and stamp cards may be evaluated. For the purpose of delivering the prize, it may be necessary for us to collect your postal address. In the event of a win, we also use the winner's cell phone number stored in the avec Bonus-App to activate the prize in the customer account or to contact the winner directly. Data that we require exclusively for the proper conduction of the sweepstakes (e.g. address) will be stored for up to 2 months after the prize has been delivered.

Please note that we may change this Privacy Policy at any time without prior notice. Please check this App Privacy Statement regularly for changes - we will mark changes with an additional label such as "New" or "Update".

The Data Controller for the processing of your personal information in connection with this App is Valora Schweiz AG, Hofackerstrasse 40, CH-4132 Muttenz. Our company Data Protection Officer can be reached by sending an email to dataprivacy@valora.com or a letter to our mailing address (please add "Attn: Data Protection Officer").

Valora uses the data you have given us primarily for the purpose of proper operation of the App and to perform and carry out the App services (incl. conducting customer satisfaction surveys). When you sign up for the first time or if you wish to access certain (new) functions while using the App, we may ask you for your consent to the individual data processing operations. We perform other data processing operations, however, based on our legitimate interests or statutory obligations or pursuant to the Terms of Use of that App. You can find further details in this Chapter.

Information requested during the registration process: During the registration process, we ask you for your first name, last name, date of birth, mobile phone number and email address. You also have the option of voluntarily entering your gender. We will then generate an individual user ID for you. The processing of this data takes place for the fulfilment of the terms of use of this app and is necessary to enable your access to the app, the maintenance of your user account as well as a correct address in case of direct communication. We may use your date of birth to send you birthday wishes and a small birthday surprise. We also store your email address if you contact our customer service by email as well as for the implementation of customer satisfaction surveys.

Registration of ID: You also need to scan your identity document (MRZ format) or send us a photocopy of the document by e-mail (if you do not have an identity document in MRZ format) for the purchase of age-restricted products. That enables to record the following personal information: First name(s), last name, ID number, date of birth, nationality, validity period of the identity documents. We need that information for our legitimate interest in customer identification and ensuring that each customer opens only one account. In addition, we may use such information to investigate or track criminal offences. Moreover, your date of birth is recorded to verify your age in connection with the sale of age-restricted products (especially tobacco) and thus to comply with a statutory obligation.

App-usage analyses: Your individual user profile is composed of the information you entered during registration or that we derived from your identity document (see above), your purchasing data (including place and time data, product data and use of special benefits) as well as data on App usage (whether you used the App and, if so, when, which functions you activated, when you used any special benefits or other offers, etc.). Based on the user profiles of all App users, we can conduct analyses that track patterns and profiles of consumption. We perform such processing based on our legitimate interests in improving our understanding of user acceptance and in updating and optimising this App on an ongoing basis. Depending on the analysis, your data will either be aggregated (and thus anonymised) or pseudonymised. In addition, we use your purchasing history in our coffee and/or tobacco modules over the past twelve months in order to provide you with personalised product recommendations during your next purchase.

Shopping at avec «The Kitchen» via Click & Collect: As part of the shopping experience at avec «The Kitchen» via Click & Collect, customers have the exclusive opportunity to pre-order products from the Kitchen range at order.thekitchen.avec.ch for collection at a participating point of sale. In order to process your order and payment, we process personal data such as your first name, last name and email address, as well as payment data (payment method, expiry date, last four digits of the payment method). In addition, we record order information such as the product, pick-up time and point of sale to ensure your order is prepared correctly.

Video surveillance in shop: Since avec box as well as all participating avec points of sale (sometimes) have unattended points of sale, video surveillance takes place at the points of sale in the legitimate interests of Valora and of our customers in ensuring security and retracing certain events (e.g., medical emergencies, theft, vandalism). The recordings are usually stored between 72 and 120 hours. If certain events occur that require a longer storage period and processing of the video surveillance recordings (e.g., in the context of criminal prosecution), such recordings may be stored for as long as Valora deems necessary.

Analysis of open shopping baskets to detect theft: If you leave the point of sale without completing your shopping basket (cancel and/or pay for all items), we receive a message in our system. We can check the open shopping baskets and the video recordings of your visit for theft.

Details regarding means of payment: You will be asked to provide a valid means of payment during the registration process. You provide your means of payment details directly to our payment provider Datatrans. Valora receives from the payment provider a credit card alias, the card type and the expiry date for the purpose of triggering a payment at Datatrans. Valora also receives a masked form of the credit card number (e.g. 123456XXXXXX7890) for the purpose of informing you which means of payment you have deposited. For further information on how Datatrans processes your data, please refer to Datatrans' privacy policy at www.datatrans.ch/de/datenschutzbestimmungen.

Emergency button: In our stores there is an emergency button that you can press if you find yourself in an emergency situation. Pressing the emergency button will trigger an automatic alarm to the security company Protectas, who will then intervene. After the incident, a report can be generated that can include the name, address, time of the incident as well as measures taken. Triggered alarms can be tracked for 2 years.

Data processing for fraud prevention: If we determine that a user has violated the terms of the loyalty program (e.g. by using another person's membership card to make purchases to collect points), we may suspend the user account in question. In this case, we store certain personal data (such as email address, phone number, user ID) to prevent the user from re-registering and to avoid future fraud. This processing is carried out on the basis of our legitimate interests in ensuring the integrity and security of the loyalty program.

In the coffee and tobacco modules, we will make an individual product recommendation to you based on the products that you purchased in the past. We do not use the data provided by you in connection with the App for profiling purposes.

When you download this App, the relevant App-Store processes certain information related to the user and user's device, e.g.: IP address, device identification numbers (IMEI, UDID, IMSI, MAC address), mobile telephone number (MSISDN), name of device, user-specific App-Store log-in data such as user name/password.

The use of third party platforms is at your own risk. We have not reviewed the third-party platforms and accept no responsibility for how the providers process personal data. We recommend that you read the privacy statements of third-party platforms in advance.

• Passing on your data to other Valora companies: Insofar as it is necessary for the provision of this App or for other legitimate interests of Valora, Valora will share your data with other members of the Valora Group.
• Transfer of personal data to third parties: Valora may transfer certain tasks and data to third parties ("service providers") commissioned by it in order to ensure proper operation (e.g. carrying out the registration process or the ordering process as part of the avec ‘The Kitchen’ via Click & Collect), maintenance and the various functions of this App, as well as to store the data or conduct customer satisfaction surveys. The service providers are data processors of Valora and are contractually bound to the processing purposes described herein. In particular, they may only process your data within the framework of fulfilling their contractual obligations towards Valora and their obligations under applicable law. If we are involved in a merger, joint venture, acquisition/sale or sale of assets, we may disclose your data to a transaction partner for further processing.
• Disclosure in connection with criminal proceedings: To the extent permitted by law, we may disclose information that is necessary or conducive to the investigation or prevention of an actual or suspected criminal offense or other violation of our or a third party's rights.
• Analysis data: Valora may disclose aggregated or non-personal information to the public and other partners. It is possible, for example, that Valora may publish such information in order to identify trends in customer behaviour. However, you as a person can then no longer be identified from this data.

Your data will only be processed in Switzerland and in EU countries.

In order to store your data securely on our customer database, we use a cloud service provider that provides data centers in Ireland and Germany. Should it nevertheless be necessary to transfer your personal data to a country that does not have an adequate level of data protection, we will ensure appropriate guarantees: Either the recipient will enter into the accepted standard contractual clauses or the recipient can prove that it is self-certified under the Privacy Shield (EU-US/CH-US).

All of your stored personal information will be stored by Valora (and/or by related entities or third-party service providers commissioned by Valora) only so long as necessary for use of the App or so long as permitted or required by law.

• Registration data will be stored for the duration of the existence of the user account. User accounts will be deleted unasked after two years of inactivity.
• We use and store analytical data for a period of one year, with the proviso that aggregated or anonymised data that no longer relate to individual users may, however, be used beyond that period for internal purposes.
• Data relating to Click & Collect "The Kitchen": The data will be deleted one year after the end of the calendar year in which the order was placed, unless there are legal retention periods.
• Data of blocked users: For users who have been blocked due to fraudulent activity, we store the relevant data (e.g. email address, phone number, user ID) for a period of two years from the date of blocking. This extended retention period is necessary to ensure that blocked users cannot re-register and continue the fraud. After the two-year period has expired, the data is automatically deleted, provided that there are no legal obligations for further retention.

This App is not designed for children and teens under 16 years of age so no personal information about children is collected.

• Revocation of consent: In the case of data processing operations to which you have granted consent, you are entitled to revoke such consent at any time. You can adjust your personal settings directly in the App. Since you can consent to a variety of functionalities, in case of a revocation of your consent, only the function for which you revoked your consent will be disabled or limited.
• Objections: You may object at any time to data processing operations that we perform based on our legitimate interests, as well as processing for the purpose of direct marketing.
• Right to information and right to transfer: You are also entitled to find out from us which of your personal information we process to what purposes and on what legal grounds, and to request a free copy of your personal information. At your request, we can forward the copy to a third-party data controller, if technically feasible and not unreasonably costly.
• Right to rectification: If your personal information is incomplete or incorrect, you have the right to demand rectification thereof. You can rectify some of the information yourself in the App's Customer Centre.
• Right to erasure: You have the right to have your personal data deleted under certain circumstances. In individual cases, the right to deletion may be excluded. You have the right to delete your customer account and the associated data yourself at any time. The final deletion of the customer account takes place 30 days after you have requested the deletion. We need this period of time to check the legal admissibility of the deletion request and to prevent fraud. Please note that uninstalling the App will not automatically erase your customer account and that your information will remain intact in case you decide to reinstall the App later on. If your account was blocked due to a violation of the terms and conditions of the loyalty program, certain data may be stored for a period of two years for fraud prevention purposes before it is permanently deleted. In individual cases, the right to erasure may therefore be restricted in this context.
• Right to restriction: You may demand restrictions on the processing of your personal information.
• Automated decision-making and Profiling: You may reject any decisions in this App made exclusively through automated processing (especially profiling and personalised offers).

If you wish to exercise your above-described rights or have other questions about the processing of your personal information, please contact our company Data Protection Officer by sending an e-mail to dataprivacy@valora.com or a letter to our mailing address, adding the words "Attn: Data Protection Officer". To enable our Data Protection Officer to classify your query as quickly as possible, it is best to add "avec App" in the subject line of your message.

If you have a reason to assume that Valora is not using your personal information in compliance with the applicable laws and other regulations and/or if you are dissatisfied with the reply to your query about the exercise of your rights, you may lodge a complaint with the supervisory authority.

We use the Google developer platform Firebase and the related functions and services of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google"). Google Firebase is a platform for Apps developers for mobile devices and websites. Google Firebase offers a variety of functions described on the following summary page: https://firebase.google.com/products/.

Such functions include, among others, the storage of Apps, including the users’ personal information, such as content created by you or information about your interaction with the Apps. In addition, Google Firebase offers interfaces that enable interactions between App users and other services.

The users’ interactions are analysed using the Firebase Analytics service, which helps us record our users interactions, e.g., events such as the first-time opening of the App, uninstall, updates, crashes and the frequency of use of the App. Certain interests of the users are also recorded and analysed.

The information processed using Google Firebase may be used in combination with other Google services, such as Google Analytics and the Google Marketing services. In that case, only pseudonymous information, such as Android Advertising ID or Advertising Identifier for iOS will be processed in order to identify the user's mobile devices. For further information about the use of data for marketing purposes by Google, see the summary page: https://www.google.comp/policies/technologies/ads; Google's Privacy Policy is available at https://www.google.com/policies/privacy.

Google is certified under the Privacy-Shield Agreement, which guarantees that it ensures a level of privacy protection commensurate with European data protection laws https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Please note that this Data Protection Policy is subject to change at any time without prior notice. Please check this App Data Protection Policy for changes on a regular basis. We label changes with an additional label such as "new" or "update". All changes will enter into effect immediately upon publication of the revised App-Data Protection Policy in this App.