Privacy Policy of Ofrino

This Application collects some Personal Data from its Users.

Personal Data collected for the following purposes and using the following services:

    • Access to third-party accounts

      • Facebook account access

        Permissions: Email

      • Stripe account access

        Personal Data: various types of Data as specified in the privacy policy of the service

    • Analytics

      • Google Analytics

        Personal Data: Cookies; Usage Data

    • Contacting the User

      • Contact form

        Personal Data: address; city; company name; country; email address; field of activity; phone number; province; state; various types of Data; website; ZIP/Postal code

      • Phone contact

        Personal Data: phone number

    • Content commenting

      • Comment system managed directly

        Personal Data: username

    • Displaying content from external platforms

      • Google Maps widget

        Personal Data: Cookies; Usage Data

    • Handling payments

      • Stripe

        Personal Data: various types of Data as specified in the privacy policy of the service

    • Hosting and backend infrastructure

      • Firebase Cloud Firestore, Firebase Cloud Functions, Firebase Cloud Storage and Firebase Realtime Database

        Personal Data: Usage Data; various types of Data as specified in the privacy policy of the service

      • Firebase Hosting

        Personal Data: various types of Data as specified in the privacy policy of the service

    • Managing contacts and sending messages

      • Firebase Cloud Messaging and Firebase Notifications

        Personal Data: various types of Data as specified in the privacy policy of the service

    • Registration and authentication

      • Firebase Authentication

        Personal Data: email address; first name; last name; phone number; profile picture; social media accounts ; username

      • Facebook Authentication and Stripe OAuth

        Personal Data: various types of Data as specified in the privacy policy of the service

Further information about Personal Data

    • Ofrino Core Services

      Introduction

      Ofrino's mission is to enable our Users, e.g. consumers and merchants, to enhance their commercial relationships and make them as fruitful and mutually beneficial as possible. This includes Services enabling Merchants to reward Consumers for repeat purchases; enabling Consumers to give valuable feedback to Merchants etc.

      As detailed in this privacy policy, Ofrino ensures that you have full control over your data at any point in time. Furthermore, the data we collect on your behalf is strictly used to help us provide the best possible services to you, including to be able to support, personalize and further develop our Services. It is also instrumental in guaranteeing optimal transparency and accountability to safeguard and hopefully maximize your gains with Ofrino.
      Continue reading below to get a full picture on what personal data we save, how we use It, who we share it with, and what are your rights related to your personal data.

      In this privacy policy, we use the term Merchant to denote a business, e.g. a restaurant chain, or whomever acts on behalf of the business, e.g. the business Owner or a Cashier at a given restaurant.
      Likewise, we use the term Consumer to denote a customer, an individual that purchases goods or services from a Merchant.

      Note that the same individual User can use the same account to act both as a Merchant and a Consumer in different settings, e.g. a User works as a Cashier in a restaurant and buys at the local grocery as a Consumer.


      1 Personal data collected
      1.1 Profile
      We create and update your profile automatically when you login to Ofrino using your Facebook, Google or any third party identity provider account. We save your basic profile information provided to us by the service, including name, email and your profile picture.

      1.2 Transactions
      For each transaction you make using Ofrino, we save the following data:
      Merchant branch/shop and location; transaction time; total transaction amount and currency; used Ofrino card type; earned reward; consumed reward if any; as well as which Cashier account has been used to handle and approve the transaction. Some merchants might also provide us with information about what goods or services were purchased.
      We link this information to the Consumer account.

      1.3 Use of our Services
      When you visit or otherwise use our Services, for example when you login, scan an Ofrino QR code at a shop location, look your Consumer cards up through Ofrino website or approve a transaction as a Cashier, we log your usage, including when and what parts of our Services you used, the duration of the usage and information about the used device (smartphone, tablet, PC ...), and possibly your ip-address.

      1.4 Errors
      If any error occurs during your usage of Ofrino, an error log entry might be saved, which might include personal data relevant to the error, e.g. information about used device, details about a transaction etc.
      We might also link the error to your account, to be able to contact you during the technical investigation of the error.


      2 How We Use Your Data

      We use your data to provide, support, personalize and develop our Services

      2.1 Services

      We use your data to authorize access to our Services.

      Profile and Transactions

      We use your profile to personalize your experience on Ofrino Services.

      We use data about your purchases and completed transactions to provide you with rewards and benefits, according to the individual merchant’s loyalty programs you sign up to.

      We also use your profile, e.g. your name and profile picture, to enable Merchants to better identify you to handle and approve a transaction at the shop, as well as to personalize your experience of their customer service.
      We also use your profile together with the transactions in various reports, including about your purchase history and patterns, total spending, gained and redeemed rewards etc. We might use elements of your profile and transactions in aggregated insights about consumers, including consumer loyalty, trends, reward program attractiveness etc. These can be used at the individual Merchant’s level to evaluate and continuously improve their loyalty programs and overall business performance, e.g. by taking initiatives targeting an individual consumer or group of consumers based on the insights gained. They can also be used to improve our own Ofrino Services, e.g. improving or introducing new loyalty programs inspired by the gained insights about consumer behavior, make new segmentations of Consumers based on behavior to personalize rewards most attractive to each segment etc.


      2.2 Communications

      We contact you and enable communications between users.

      We will contact you through email, mobile phone, notices posted on our website, and other ways through our Services, including text messages and push notifications. We will send you messages about the availability of our Services, security, or other service-related issues. We also send messages about how to use the Services, reminders and status about your rewards etc.

      We also enable communications between you and others through our Services, including for example our Feedback Service, which let Consumers give feedback and have a dialogue with the Merchants about products and the customer service, to enable a dynamic relationship for the benefit of all parties.


      2.3 Marketing

      We promote our Services to you and others.

      We use data and content about users for invitations and communications promoting membership, growth of, and engagement with our Services.

      2.4 Customer Support

      We use data to help you and fix problems.

      We use the data (which can include automatically collected error logs) to investigate, respond to and resolve errors, complaints and Service issues (e.g., bugs), to the benefit of all our users.


      2.5 Aggregate Insights

      We use data to generate aggregate insights.

      We use your data to produce and share aggregated insights that do not identify you. For example we may use your data to generate statistics about our users, their loyalty program membership, or to publish membership demographics for a business type and/or region, loyalty program performance per business type and/or region etc.


      For example, we might aggregate insights that would let merchants know what type of reward system is most popular in a certain country or region. This would allow merchant to setup and differentiate their reward program to better satisfy their consumers.

      2.6 Security and Investigations

      We use data for security, fraud prevention and investigations.

      We use your data (including your transactions) if we think it’s necessary for security purposes or to investigate possible fraud or other violations including to this Privacy Policy and/or attempts to harm our Users or Visitors.


      3. How We Share Information

      We do not sell your data to third parties.
      Obviously, regular operations within Ofrino allows some of your data to be seen by others. For instance, merchants would be able to see previous transactions, in order to be able to decide the amount of reward/discount they need to give you.
      No data will be disclosed, unless in full compliance with laws and regulations. See below for more details.


      3.1 Our Services

      Your profile data, feedback and transactions you perform at a given Merchant might be seen by the relevant staff of that particular Merchant, across all branches and subsidiaries owned or cooperating with the Merchant. E.g. your transactions made at a given restaurant branch would be visible to the staff at any other branch of that particular Merchant you visit subsequently, which would allow you to earn rewards across all visits to any branch, as defined by the loyalty program, and would also allow the staff at the new locations to personalize your experience based on your profile and data across all branches.


      3.2 Service Providers

      We may use others to help us with our Services.

      We use others to help us provide our Services (e.g., maintenance, analysis, audit, payments, fraud detection, marketing and development). They will have access to your information as reasonably necessary to perform these tasks on our behalf and are obligated not to disclose or use it for other purposes.

      3.3 Legal Disclosures

      We may need to share your data when we believe it’s required by law or to help protect the rights and safety of you, us or others.

      It is possible that we will need to disclose information about you when required by law, subpoena, or other legal process or if we have a good faith belief that disclosure is reasonably necessary to (1) investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (2) enforce our agreements with you, (3) investigate and defend ourselves against any third-party claims or allegations, (4) protect the security or integrity of our Service (such as by sharing with companies facing similar threats); or (5) exercise or protect the rights and safety of Ofrino, our Users, personnel, or others. We attempt to notify User about legal demands for their personal data when appropriate in our judgment, unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague or lack proper authority, but we do not promise to challenge every demand.


      4 Your Rights & Obligations


      The data we save about you can be categorized into whether the data is strictly necessary, I.e. without which we cannot provide our core services, or not; whether it is personal, I.e. the data can be used to identify you as a person, or not; and on what lawful basis we process your data.

      Depending on which category the data belongs to, your rights and obligations might differ.

      For example, transactions are strictly necessary to compute the rewards you earn and to keep traceability of the monetary rewards given by Cashiers. If you object to the collection of this data, you may close you account, as we would not be able to provide you with our Services without it. On the other hand, logs and statistics of the use of our Services are crucial for the continued improvement and development of our Services, but they are not strictly necessary to provide the Services as-is, and you may continue to use our Services even if you request anonymization of this type of data.
      Likewise, your name and email address can be used to identify you, and are thus personal data. However, anonymized use log data are, in and by themselves, not personal, because they cannot be used to identify you as an individual.


      4.1 Data Retention

      We keep most of your personal data for as long as your account is open.

      We retain your personal data while your account is in existence or as needed to provide you Services. This includes data you or others provided to us and data generated or inferred from your use of our Services. Even if you don't use our Services for prolonged periods, e.g. you, as a Consumer,rarely visit a shop that uses our Services, we will retain your information and keep your profile open until you decide to close your account. In some cases we choose to retain certain information in a depersonalized or aggregated form.




      4.2 Rights to Access and Control Your Personal Data

      You can access, anonymise or delete your personal data. You have some choices about how your data is collected, used and shared.

      For personal data that we have about you:

      Delete Data: You can ask us to erase or delete all or some of your personal data (e.g., if it is no longer necessary to provide Services to you).
      Change or Correct Data: You can edit some of your personal data through your account. If you use third party identity provider account to login, you may edit your personal data through that provider, and we will update our copy of your data. You can also ask us to change, update or fix your data in certain cases, particularly if it’s inaccurate.
      Object to, or Limit or Restrict, Use of Data: You can ask us to stop using all or some of your personal data (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., if your personal data is inaccurate or unlawfully held).
      Right to Access and/or Take Your Data: You can ask us for a copy of your personal data and can ask for a copy of personal data you provided in machine readable form.

      You may contact us using the contact information below, and we will consider your request in accordance with applicable laws.



      4.3 Account Closure

      We keep some of your data even after you close your account.

      If you choose to close your Ofrino account, your personal data will generally stop being visible to others on our Services within 24 hours. We generally delete closed account information within 30 days of account closure, except as noted below.

      We retain your personal data even after you have closed your account if reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, or fulfill your request to “unsubscribe” from further messages from us. We will retain de-personalized information after your account has been closed.

      Information that constitute a basis for monetary rewards which have been shared with others (e.g., transactions shared with a Merchant to earn you a reward) will remain visible after you closed your account, however, it will not be associated with your profile, and would be shown as related to an unknown user. In other words, it would be anonymized.


      5. Other Important Information

      5.1. Security

      We implement security safeguards designed to protect your data, such as HTTPS. We host our services on an infrastructure owned and operated by Google, which have a high standard for security. However, we cannot warrant the security of any information that you send us, or that we collect from your use of our Services. There is no guarantee that data may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.

      5.2. Cross-Border Data Transfers

      We store and use your data outside your country.

      We process data both inside and outside of the United States and rely on legally-provided mechanisms to lawfully transfer data across borders. Countries where we process data may have laws which are different, and potentially not as protective, as the laws of your own country.

      5.3 Lawful Bases for Processing

      We have lawful bases to collect, use and share data about you. You have choices about our use of your data.

      At any time, you can withdraw consent you have provided.

      We will only collect and process personal data about you where we have lawful bases. Lawful bases include consent (where you have given consent), contract (where processing is necessary for the performance of a contract with you (e.g. to deliver the Ofrino Services you have requested)) and “legitimate interests” (e.g. security, product development and enhancement etc.).

      Where we rely on your consent to process personal data, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object. If you have any questions about the lawful bases upon which we collect and use your personal data, please contact us (see section about contact information).


      5.3 Children’s information

      Ofrino Services are not directed to children under 13. If you learn that your minor child has provided us with personal information without your consent, please contact us.

    • Push notifications

      This Application may send push notifications to the User.

Contact information

    • Owner and Data Controller

      Ofrino
      Ørestad Boulevard
      2300 København S

      Owner contact email: info@ofrino.com