DATA PROTECTION POLICY OF «avec Bonus-app» (HEREINAFTER «APP»)

Valora Schweiz AG (hereinafter "Valora" or "we") takes the protection of your personal data very seriously. With this privacy policy, we would like to inform you about how we process your personal data in connection with your use of this app.

Responsible body and data protection officer

The controller responsible for processing your personal data in connection with this app is Valora Schweiz AG, Hofackerstrasse 40, CH-4132 Muttenz.

You can contact our company data protection officer at dataprivacy@valora.com or at our postal address with the addition "the data protection officer".

Types of data, purpose of processing and legal bases

Valora uses the data you provide primarily for the purpose of the proper operation of this app, as well as for the fulfillment and processing of the app services (including customer satisfaction surveys). Details can be found in this section.

  • Data collected during the registration process: During the registration process, we ask you for your first name, last name, date of birth, gender and your cell phone number. We then generate an individual user ID for you. This data is processed to fulfill the terms of use of this app and is necessary to enable you to access the app, maintain your user account and to address you correctly in the event of direct communication (including customer satisfaction surveys). We use your date of birth to send you birthday wishes and a small birthday surprise. We also store your e-mail address if you contact our customer service by e-mail.
  • Payment method data as part of the Payment Linked Loyalty program ("PPL"): If you choose to register one or more means of payment in the app so that you can automatically collect stamps and other benefits in the future (without having to show the QR code in the app) whenever you pay with a deposited means of payment, we process data relating to the means of payment. We store the type of payment method (e.g. VISA, MasterCard, etc.), if applicable your partially masked card number (e.g. XXX XXX XXX1 234) and a so-called pseudonymous card token (an alpha-numeric identification number that the payment processor creates based on your card number). In addition, we store in which of our sales outlets and at what time the deposited funds were last used. This data is used solely for the purpose of making it easier for you to collect stamps. You can delete the stored means of payment in your customer profile at any time. In this case, your payment method data will also be deleted from our systems. The data will also be deleted if you delete your entire customer account.
  • Analysis data regarding app usage: Your individual user profile is made up of the data provided during registration (see above), your purchase data (location and time details, data on the products you are interested in, use of discounts or other offers) and other data on app usage (whether and when you have used the app, which functions you have accessed, etc.). Based on the user profiles of all app users, we can carry out analyses that can depict consumer behavior and consumer profiles. Such processing is carried out on the basis of our legitimate interests in better understanding user acceptance and continuously optimizing this app and our offers. Depending on the analysis, your data is either aggregated (and therefore anonymized) or pseudonymized.
  • Direct advertising: Based on the analysis of your user profile, we can send you attractive offers and relevant information on products and promotions in the app. When setting up the app, you can choose whether you would like to receive push notifications. You can change your selection at any time. You also have the option of subscribing to our newsletter. You can subscribe and unsubscribe via a separate link, which you will be notified of in the app.
  • Competitions within the app: In the case of competition promotions, we record which users have been provided with which promotions, which users have taken part in which promotions, which users have won which prizes and which prizes they have redeemed.  As part of your participation in one of our competitions, it is also necessary for us to process the following personal data about you: For the purpose of prize delivery, it may be necessary for us to collect your postal address. If you win, we will also use your cell phone number stored in the app to activate the prize in your customer account and/or to contact you directly. We can also provide customer support if something does not work. The described data processing takes place exclusively for the purpose of processing the respective competition. We store data that we require exclusively for the proper processing of the competition (e.g. address) for up to 2 months after the prize has been sent.
  • Invitation to use the App to a friend (Tell-a-Friend): When sending an invitation to use the App to a friend, Valora collects the cell phone number of the specified friend and stores this cell phone number in the user profile of the inviting user for one month, provided that the cell phone number of the advertised friend is not yet linked to an existing user account. If the invited friend registers during this one-month period via the invitation link sent by SMS, a voucher will be sent to the inviting user. If the friend does not register within the one-month period, the cell phone number will be deleted. The cell phone number of the invited friend will not be used for any other purposes.
  • Sending a voucher to a friend (Gift-a-Friend): When sending a voucher to a friend via the SMS function, Valora collects the cell phone number of the specified friend to check whether a user account has already been set up with this cell phone number. If the gifted friend is already registered, the voucher will be sent via the app, otherwise via SMS. Immediately afterwards, the friend's cell phone number is pseudonymized. The gifted friend's cell phone number will not be used for any other purposes.
  • Data processing for fraud prevention: If we discover that a user has violated the terms of the loyalty program (e.g. by using the membership card to make purchases for other people in order to collect stamps), we may block the user account concerned. In this case, we store certain personal data (such as e-mail address, telephone number, user ID) in order to prevent the user from re-registering and to prevent future fraud. This processing is based on our legitimate interests in ensuring the integrity and security of the loyalty program.

Personal data as part of the download of this app from the app store

When downloading this app, the relevant app store processes certain data relating to the user and the user's device, such as: IP address, device identification numbers (IMEI, UDID, IMSI, MAC address), mobile number (MSISDN), name of the device, user-specific app store login data such as user name / password.

The use of third-party platforms is at your own risk. We have not checked the third-party platforms and accept no responsibility for how the providers process personal data. We recommend that you read the privacy policies of third-party platforms in advance.

Disclosure of personal data

  • Sharing your data with other Valora companies: To the extent necessary to provide this App or for other legitimate interests of Valora, Valora will share your data with other members of the Valora group of companies.
  • Transfer of personal data to third parties: Valora may transfer certain tasks and data to third parties ("Service Providers") engaged by it in order to enable the proper operation (e.g. the registration process), maintenance and various functionalities of this App, as well as to store the data. The service providers are Valora's processors and are contractually bound to the processing purposes described herein. In particular, they may only process your data in the context of fulfilling their contractual obligations to Valora and their obligations under applicable law. If we are involved in a business combination (merger), joint venture, business acquisition/sale or sale of assets, we may disclose your data to any transaction partner for further processing.
  • Disclosure in connection with criminal proceedings: To the extent permitted by law, we may disclose information the disclosure of which is necessary or conducive to investigating or preventing an actual or suspected criminal offense or other violation of our rights or the rights of a third party.
  • Aggregated and anonymized analytics data: Valora may share summarized (aggregated) or non-personal (anonymized) data with the public and other partners. For example, Valora may publish such information to show trends in customer behavior. However, you as an individual are then no longer identifiable from this data.

Place of processing and transfer to third countries

Your data is only processed in Switzerland and EU countries.

To store your data securely in our customer database, we use a cloud service provider that provides data centers in Ireland and Germany. Should it nevertheless be necessary to transfer your personal data to a country that does not have an adequate level of data protection, we will ensure suitable guarantees by concluding the recognized standard contractual clauses with the recipient.

Storage duration of your personal data

All stored personal data will only be retained by Valora (and / or by affiliated companies or third-party service providers on behalf of Valora) for as long as necessary for the use of the App or as permitted or required by law.

  • Registration data will be used for the duration of the existence of the user account. User accounts are deleted unsolicited after two years of inactivity.
  • We use analysis data for a period of four years.
  • We store cell phone numbers of friends to whom the app has been recommended for a period of one month.

Data whose specified maximum processing period has been reached will be automatically deleted within one month.

However, aggregated or anonymized data that no longer relates to individual users may be processed beyond the specified period.

For users who have been banned due to fraudulent activity, we store the relevant data (e.g. email address, telephone number, user ID) for a period of two years from the time of banning. This longer storage period is necessary to ensure that blocked users cannot register again and continue the fraud. After the two-year period has expired, the data is automatically deleted, provided there are no legal obligations for further storage.

Your rights in connection with your personal data

  • Revocation of consent: For those data processing operations for which you have given your consent, you have the right to withdraw it at any time. You can adjust your personal settings directly in the app. As you can give your consent for various functionalities, if you withdraw your consent, only the functionality for which you have withdrawn your consent will be deactivated or restricted (e.g. push notifications). If you have subscribed to our newsletter, you can simply unsubscribe by clicking on the unsubscribe link in the newsletter.
  • Objection: You can object to such data processing, which we carry out on the basis of our legitimate interests, at any time.
  • Right to information: You also have the right to find out from us what data we process about you, on what legal basis and for what purposes, and to request a free copy of your personal data.
  • Right to rectification: If your data is incomplete or incorrect, you have the right to request the rectification of your personal data. You can correct some information yourself in the app's customer center.
  • Right to erasure: You have the right to have your personal data erased under certain circumstances. In individual cases, the right to erasure may be excluded. You have the right to delete your customer account and the associated data yourself at any time. The final deletion of the customer account takes place 30 days after you have requested the deletion. We need this period of time to check the legal admissibility of the deletion request and to prevent fraud. Please note that uninstalling the app does not automatically lead to the deletion of your customer account and your data will still be retained if you decide to reinstall the app at a later date. If your account has been blocked due to a breach of the terms of the loyalty program, certain data may remain stored for a period of two years for fraud prevention purposes before being permanently deleted. In individual cases, the right to erasure may therefore be restricted in this context.

  • Automated decisions and profiling: Where, in the context of this app, decisions are based solely on automated processing including the creation of a personality profile (in particular personalized offers), you can reject those decisions that affect you in a legal or other significant way.

How you can exercise your rights or contact our data protection officer

If you wish to exercise the rights described above or have any other questions about the processing of your personal data, please contact our company data protection officer at dataprivacy@valora.com or at our postal address with the addition "the data protection officer". To make it easier for our data protection officer to assign your request as quickly as possible, your message should ideally include the reference "avec App".

Right of appeal

If you have reason to believe that Valora is not processing your personal data in accordance with applicable laws and regulations and/or if you do not agree with the response to your request to grant your rights, you may lodge a complaint with the supervisory authority.

How we use analysis tools

We use the developer platform Google Firebase and the associated functions and services of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google"). Google Firebase is a platform for developers of apps for mobile devices and websites. Google Firebase offers a variety of functions, which are presented on the following overview page: https://firebase.google.com/products/.
The functions include the storage of apps including users' personal data, such as content created by you or information regarding your interaction with the apps. Google Firebase also offers interfaces that allow interaction between users of the app and other services.

User interactions are analyzed with the help of the Firebase Analytics service. This service helps us to record the interactions of our users. For example, events such as opening the app for the first time, uninstalling, updating, crashing or frequency of use of the app are recorded. Certain user interests are also recorded and analyzed.

The information processed by Google Firebase may be used together with other Google services, such as Google Analytics and Google marketing services. In this case, only pseudonymous information, such as the Android Advertising ID or the Advertising Identifier for iOS, is processed to identify users' mobile devices. Users can find more information on the use of data for marketing purposes by Google on the overview page: https://www.google.com/policies/technologies/ads. Google's privacy policy is available at https://www.google.com/policies/privacy.

Google is certified under the EU-U.S. Data Privacy Framework and thus offers a guarantee to ensure the level of protection of European data protection law (https://www.dataprivacyframework.gov/list).

Updates to this privacy policy

Please note that we may change this privacy policy at any time without prior notice. Please check this App Privacy Notice regularly for changes - we will mark changes with an additional label such as "New" or "Update". Any changes will take effect immediately after the revised app privacy information is published in this app.

Last updated in June 2025

DATA PROTECTION POLICY OF «avec 24/7-App» (HEREINAFTER «APP»)

Valora Schweiz AG (hereinafter "Valora" or "we") takes the protection of personal information very seriously. This Data Protection Policy is intended to inform you of how we collect, process, store and share your personal information with third parties in connection with your use of this App and access (i) to avec box, (ii) all participating avec points of sale in which self-checkout via this app is possible in addition to conventional checkout (hereinafter "participating avec points of sale"), (iii) the use of the Click & Collect shopping service at avec «The Kitchen» and (iv) the use of the avec mini. In doing so, we comply with the requirements of the Swiss Data Protection Act and the General Data Protection Regulation (EU).

Data Controller and Data Protection Officer

The Data Controller for the processing of your personal information in connection with this App is Valora Schweiz AG, Hofackerstrasse 40, CH-4132 Muttenz. Our company Data Protection Officer can be reached by sending an email to dataprivacy@valora.com or a letter to our mailing address (please add "Attn: Data Protection Officer").

Types of data, purpose of processing and legal grounds

Valora uses the data you have given us primarily for the purpose of proper operation of the App and to perform and carry out the App services (incl. conducting customer satisfaction surveys). When you sign up for the first time or if you wish to access certain (new) functions while using the App, we may ask you for your consent to the individual data processing operations. We perform other data processing operations, however, based on our legitimate interests or statutory obligations or pursuant to the Terms of Use of that App. You can find further details in this Chapter.

Information requested during the registration process: During the registration process, we ask you for your first name, last name, date of birth, mobile phone number and email address. You also have the option of voluntarily entering your gender. We will then generate an individual user ID for you. The processing of this data takes place for the fulfilment of the terms of use of this app and is necessary to enable your access to the app, the maintenance of your user account as well as a correct address in case of direct communication. We may use your date of birth to send you birthday wishes and a small birthday surprise. We also store your email address if you contact our customer service by email as well as for the implementation of customer satisfaction surveys.

Registration of ID: You also need to scan your identity document (MRZ format) or send us a photocopy of the document by e-mail (if you do not have an identity document in MRZ format) for the purchase of age-restricted products. That enables us to record the following personal information: First name(s), last name, ID number, date of birth, nationality, validity period of the identity documents. We need that information for our legitimate interest in customer identification and ensuring that each customer opens only one account. In addition, we may use such information to investigate or track criminal offences. Moreover, your date of birth is recorded to verify your age in connection with the sale of age-restricted products (especially tobacco) and thus to comply with a statutory obligation.

App-usage analyses: Your individual user profile is composed of the information you entered during registration or that we derived from your identity document (see above), your purchasing data (including place and time data, product data and use of special benefits) as well as data on App usage (whether you used the App and, if so, when, which functions you activated, when you used any special benefits or other offers, etc.). Based on the user profiles of all App users, we can conduct analyses that track patterns and profiles of consumption. We perform such processing based on our legitimate interests in improving our understanding of user acceptance and in updating and optimising this App on an ongoing basis. Depending on the analysis, your data will either be aggregated (and thus anonymised) or pseudonymised. In addition, we use your purchasing history in our coffee and/or tobacco modules over the past twelve months in order to provide you with personalised product recommendations during your next purchase.

Shopping at avec «The Kitchen» via Click & Collect: As part of the shopping experience at avec «The Kitchen» via Click & Collect, customers have the exclusive opportunity to pre-order products from the Kitchen range at order.thekitchen.avec.ch for collection at a participating point of sale. In order to process your order and payment, we process personal data such as your first name, last name and email address, as well as payment data (payment method, expiry date, last four digits of the payment method). In addition, we record order information such as the product, pick-up time and point of sale to ensure your order is prepared correctly.

Video surveillance in shop: Since avec box as well as all participating avec points of sale (sometimes) have unattended points of sale, video surveillance takes place at the points of sale in the legitimate interests of Valora and of our customers in ensuring security and retracing certain events (e.g., medical emergencies, theft, vandalism). The recordings are usually stored between 72 and 120 hours. If certain events occur that require a longer storage period and processing of the video surveillance recordings (e.g., in the context of criminal prosecution), such recordings may be stored for as long as Valora deems necessary.

Analysis of open shopping baskets to detect theft: If you leave the point of sale without completing your shopping basket (cancel and/or pay for all items), we receive a message in our system. We can check the open shopping baskets and the video recordings of your visit for theft.

Details regarding means of payment: You will be asked to provide a valid means of payment during the registration process. You provide your means of payment details directly to our payment provider Datatrans. Valora receives from the payment provider a credit card alias, the card type and the expiry date for the purpose of triggering a payment at Datatrans. Valora also receives a masked form of the credit card number (e.g. 123456XXXXXX7890) for the purpose of informing you which means of payment you have deposited. For further information on how Datatrans processes your data, please refer to Datatrans' privacy policy at www.datatrans.ch/de/datenschutzbestimmungen.

Emergency button: In our stores there is an emergency button that you can press if you find yourself in an emergency situation. Pressing the emergency button will trigger an automatic alarm to the security company Protectas, who will then intervene. After the incident, a report can be generated that can include the name, address, time of the incident as well as measures taken. Triggered alarms can be tracked for 2 years.

Data processing for fraud prevention: If we determine that a user has violated the terms of the loyalty program (e.g. by using another person's membership card to make purchases to collect points), we may suspend the user account in question. In this case, we store certain personal data (such as email address, phone number, user ID) to prevent the user from re-registering and to avoid future fraud. This processing is carried out on the basis of our legitimate interests in ensuring the integrity and security of the loyalty program.

Automated decision-making and Profiling

In the coffee and tobacco modules, we will make an individual product recommendation to you based on the products that you purchased in the past. We do not use the data provided by you in connection with the App for profiling purposes.

Personal information in connection with downloading this App from the App-Store

When you download this App, the relevant App-Store processes certain information related to the user and user's device, e.g.: IP address, device identification numbers (IMEI, UDID, IMSI, MAC address), mobile telephone number (MSISDN), name of device, user-specific App-Store log-in data such as user name/password.

The use of third party platforms is at your own risk. We have not reviewed the third-party platforms and accept no responsibility for how the providers process personal data. We recommend that you read the privacy statements of third-party platforms in advance.

Sharing of personal information

  • Passing on your data to other Valora companies: Insofar as it is necessary for the provision of this App or for other legitimate interests of Valora, Valora will share your data with other members of the Valora Group.
  • Transfer of personal data to third parties: Valora may transfer certain tasks and data to third parties ("service providers") commissioned by it in order to ensure proper operation (e.g. carrying out the registration process or the ordering process as part of the avec ‘The Kitchen’ via Click & Collect), maintenance and the various functions of this App, as well as to store the data or conduct customer satisfaction surveys. The service providers are data processors of Valora and are contractually bound to the processing purposes described herein. In particular, they may only process your data within the framework of fulfilling their contractual obligations towards Valora and their obligations under applicable law. If we are involved in a merger, joint venture, acquisition/sale or sale of assets, we may disclose your data to a transaction partner for further processing.
  • Disclosure in connection with criminal proceedings: To the extent permitted by law, we may disclose information that is necessary or conducive to the investigation or prevention of an actual or suspected criminal offense or other violation of our or a third party's rights.
  • Analysis data: Valora may disclose aggregated or non-personal information to the public and other partners. It is possible, for example, that Valora may publish such information in order to identify trends in customer behaviour. However, you as a person can then no longer be identified from this data.

Place of processing and transmission to non-EU countries

Your data will only be processed in Switzerland and in EU countries.

In order to store your data securely on our customer database, we use a cloud service provider that provides data centers in Ireland and Germany. Should it nevertheless be necessary to transfer your personal data to a country that does not have an adequate level of data protection, we will ensure appropriate guarantees: Either the recipient will enter into the accepted standard contractual clauses or the recipient can prove that it is self-certified under the Privacy Shield (EU-US/CH-US).

Storage period of your personal information

All of your stored personal information will be stored by Valora (and/or by related entities or third-party service providers commissioned by Valora) only so long as necessary for use of the App or so long as permitted or required by law.

  • Registration data will be stored for the duration of the existence of the user account. User accounts will be deleted unasked after two years of inactivity.
  • We use and store analytical data for a period of one year, with the proviso that aggregated or anonymised data that no longer relate to individual users may, however, be used beyond that period for internal purposes.
  • Data relating to Click & Collect "The Kitchen": The data will be deleted one year after the end of the calendar year in which the order was placed, unless there are legal retention periods.
  • Data of blocked users: For users who have been blocked due to fraudulent activity, we store the relevant data (e.g. email address, phone number, user ID) for a period of two years from the date of blocking. This extended retention period is necessary to ensure that blocked users cannot re-register and continue the fraud. After the two-year period has expired, the data is automatically deleted, provided that there are no legal obligations for further retention.

How is information about children processed?

This App is not designed for children and teens under 16 years of age so no personal information about children is collected.

Your rights related to your personal information

  • Revocation of consent: In the case of data processing operations to which you have granted consent, you are entitled to revoke such consent at any time. You can adjust your personal settings directly in the App. Since you can consent to a variety of functionalities, in case of a revocation of your consent, only the function for which you revoked your consent will be disabled or limited.
  • Objections: You may object at any time to data processing operations that we perform based on our legitimate interests, as well as processing for the purpose of direct marketing.
  • Right to information and right to transfer: You are also entitled to find out from us which of your personal information we process to what purposes and on what legal grounds, and to request a free copy of your personal information. At your request, we can forward the copy to a third-party data controller, if technically feasible and not unreasonably costly.
  • Right to rectification: If your personal information is incomplete or incorrect, you have the right to demand rectification thereof. You can rectify some of the information yourself in the App's Customer Centre.
  • Right to erasure: You have the right to have your personal data deleted under certain circumstances. In individual cases, the right to deletion may be excluded. You have the right to delete your customer account and the associated data yourself at any time. The final deletion of the customer account takes place 30 days after you have requested the deletion. We need this period of time to check the legal admissibility of the deletion request and to prevent fraud. Please note that uninstalling the App will not automatically erase your customer account and that your information will remain intact in case you decide to reinstall the App later on. If your account was blocked due to a violation of the terms and conditions of the loyalty program, certain data may be stored for a period of two years for fraud prevention purposes before it is permanently deleted. In individual cases, the right to erasure may therefore be restricted in this context.
  • Right to restriction: You may demand restrictions on the processing of your personal information.
  • Automated decision-making and Profiling: You may reject any decisions in this App made exclusively through automated processing (especially profiling and personalised offers).

How to exercise your rights and contact our Data Protection Officer

If you wish to exercise your above-described rights or have other questions about the processing of your personal information, please contact our company Data Protection Officer by sending an e-mail to dataprivacy@valora.com or a letter to our mailing address, adding the words "Attn: Data Protection Officer". To enable our Data Protection Officer to classify your query as quickly as possible, it is best to add "avec App" in the subject line of your message.

Right to lodge a complaint

If you have a reason to assume that Valora is not using your personal information in compliance with the applicable laws and other regulations and/or if you are dissatisfied with the reply to your query about the exercise of your rights, you may lodge a complaint with the supervisory authority.

How we use analytics tools

We use the Google developer platform Firebase and the related functions and services of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google"). Google Firebase is a platform for developers of Apps for mobile devices and websites. Google Firebase offers a variety of functions described on the following summary page: https://firebase.google.com/products/.

Such functions include, among others, the storage of Apps, including the users’ personal information, such as content created by you or information about your interaction with the Apps. In addition, Google Firebase offers interfaces that enable interactions between App users and other services.

The users’ interactions are analysed using the Firebase Analytics service, which helps us record our users’ interactions, e.g., events such as the first-time opening of the App, uninstalls, updates, crashes and the frequency of use of the App. Certain interests of the users are also recorded and analysed.

The information processed using Google Firebase may be used in combination with other Google services, such as Google Analytics and the Google Marketing services. In that case, only pseudonymous information, such as Android Advertising ID or Advertising Identifier for iOS, will be processed in order to identify the user's mobile devices. For further information about the use of data for marketing purposes by Google, see the summary page: https://www.google.com/policies/technologies/ads; Google's Privacy Policy is available at https://www.google.com/policies/privacy.

Google is certified under the Privacy-Shield Agreement, which guarantees that it ensures a level of privacy protection commensurate with European data protection laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Updates of this Data Protection Policy

Please note that this Data Protection Policy is subject to change at any time without prior notice. Please check this App Data Protection Policy for changes on a regular basis. We label changes with an additional label such as "new" or "update". All changes will enter into effect immediately upon publication of the revised App-Data Protection Policy in this App.

Last updated December 2024