Privacy Policy

We at Costless value your privacy and want you to understand the choices and control you have over your information on Costless. Our Privacy Policy is compliant with new requirements of the European Union General Data Protection Regulation (GDPR). PLEASE READ THIS PRIVACY POLICY CAREFULLY. IF YOU DO NOT AGREE TO OUR PRACTICES, PLEASE DO NOT CREATE AN ACCOUNT, OR OTHERWISE INTERACT WITH COSTLESS. BY USING COSTLESS YOU ARE AGREEING TO BE BOUND BY FOLLOWING PRIVACY POLICY. THIS PRIVACY POLICY IS INCORPORATED INTO AND IS SUBJECT TO THE COSTLESS TERMS OF USE. This Privacy Policy (hereinafter - "Privacy Policy") applies to personal data obtained by Costless and controller , including through Costless's website as published at https://costless.com.ua (and any other websites with "Costless" branding that link to this Privacy Policy), and any mobile-device applications we offer, such our iOS and Android applications, that are branded "Costless" and link or reference this Privacy Policy (collectively, the "Service"). The Privacy Policy describes the types of personal data we obtain about data subjects as consumers, how we use the information and with whom we share it. We also describe the measures we take to protect the security of the personal data and how you can contact us about our privacy practices. Definitions: Personal data means any information relating to an identified or identifiable natural person (“data subject/user”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing regarding your use of Costless Service. Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person. Encryption is a security protection measure for personal data; as a form of cryptography, it is a process whereby personal data gets turned into an encoded and unintelligible version, using encryption algorithms and an encryption key, and whereby a decryption key or code enables users to decode it again. Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject/user's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
Costless Ukraine LLC, Sergey Shcherbanenko
Ukraine, Kyiv city, Timoshenka 29A

[full company name]
[full address pf registration]
E-mail: mail@costless.com.ua Capitalized terms that are not defined in the privacy policy have the meaning given to them in the Terms of Use. Anyone can access our website and application without necessity to provide its personal data. As you are willing to use our Service you are required to provide your personal data (to register an Account), thus becoming a user of Costless. 1. Types of Information We Collect The purpose of processing personal data is your intention to use our Service (“Purpose”). With this Purpose we collect the following types of information, that allows us to communicate with you, including information that can be used to identify you, which includes: 1) name, email address, date of birth, phone number and social media website user Account names (“Personal Data”). You provide us with Personal Data when you register for an Account, use the Service, post User Content, interact with other users of the Service through communication or messaging features, or send us customer service related requests, and 2) general information that does not identify you personally as: - Relationship Information that helps us to understand who you are and what types of offers you might like. This includes lifestyle, preference, and interest information; the types of offers that interest you; information collected from social media interactions (such as via Facebook Connect and Twitter); and demographic information (e.g., birth date, age, gender); - Search Information, meaning the terms or keywords you search for when using the Service; - Shopping List Information about what items and terms you search for and place on your Shopping List when using the Service, as well as what items you check off of your Shopping List when using the Service. - Transaction Information about how you interact with the Service, such as the offers you view and redeem, other products you purchase, and the stores you prefer; other information about how you use our Service, email, other communications, and applications; and how you interact with Costless's shops, business partners, and service providers. - Location Information, including precise location data, to help us deliver you offers near you shop if you have activated our Service on a mobile device and permitted your mobile device to transmit location data. - Username and password when you register in our Service; - Loyalty card Information, such as store loyalty card numbers (individual customer number) you elect to register and it’s provider. This data will be used for the contractually agreed purposes – which is the conversion into the corresponding barcode – and will be shown to the user within the app; - Receipt Information based on receipts uploaded to us through the Service, such as the items and date(s) of your purchases, prices of the items, methods of payment, the last four digits of your credit card number, signature, and names and locations of the shops; - Other Information you may provide to us when submitting requests; - Device Information. To collect, maintain and use certain Device Information, we may use session ID and persistent “cookies,” data collection tags or directives such as “pixel tags,” Javascript scripts, API calls, and/or other storage on your device (individually or collectively, “Usage Technology”); - Other Information from Third Parties. We may also receive information about you from service providers, our partners, shops, or other third parties, such as your preferences and interests, device information or your Account information for specific third-party providers if they are integrated with the Costless. Information we receive from such third parties are subject to the limitations of the privacy policies of those third parties. We also receive information about you that is publicly available, such as when you submit information to a blog, chat room, or social network(s). When using these general information, we do not draw any conclusions about you as the data subject. Rather, this information is needed to (1) deliver the content of our website and Service correctly, (2) optimize the content of our website and Service, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, we analyze anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our company, and to ensure an optimal level of protection for the personal data we process. The personal data entered by you are collected and stored exclusively for internal use by the controller and for his own purposes. The personal data stores separately in data base to avoid data subject identification by using depersonalization features in compliance with GDPR storage limitation principle. 2. How We Use Information You use Costless as your shopping companion, and we will use the Information we collect from and about you in many ways to help you do the shopping. This includes using the Information in creative ways so that you may be provided with shopping-related Service and for advertising and marketing to you. Our uses of Information will change over time to take advantage of the latest technology and methods to help improve our shopping-related Service and the advertising and marketing you receive from us. By using the Service, you agree that we may change our shopping-related Service and advertising and marketing practices at any time. If you disagree with how we provide the shopping-related Service or are advertising and marketing to you, you may opt out of certain activities or stop using the Service. We use Information to: - Operate and improve our Service; - Provide users with offers for products and Service from participating brands and retail clients, including offers based on variables such as stated and anticipated user interests, personal characteristics, consumption of advertisements, past shopping list placements or searches, or user location; - Evaluate eligibility of users for certain offers, products or Service; - Provide card-linked offers; - Evaluate the types of offers, products or Service that may be of interest to users; - Track redemption of offers and past purchases; - Perform analytics; - Provide customer support to users; - Fulfill requests for our Service; - Communicate and provide additional information which may be of interest to you about us and our merchants and business partners, such as our news, special offers, announcements, and marketing materials; - Send you reminders, technical notices, updates, security alerts and support and administrative messages service bulletins, or marketing; - Provide advertisements to you through the Service, email messages, text messages, push notifications, applications, or other methods of communication; - Administer surveys, sweepstakes, contests, or other promotional activities or events sponsored by us or our partners; Manage our everyday business needs such as website administration, forum management, analytics, fraud prevention, Terms of Use or to comply with the law; - Carry out other purposes to which you consent; - Anonymize personal information to provide third parties with aggregated data reports showing anonymized information and other non-personal information; - In addition to the foregoing, we may anonymize or aggregate information and use and disclose it for any purpose. 3. How We Share Your Information We work with various partners so they can provide shopping-related Service, advertising, and marketing to you. To facilitate these activities, we may share your Personal Data with our partners by secured channels under data processing agreements (DPA). By using the Service, you agree that we may share your Personal Data for these purposes. You may be able to adjust how we share your Personal Data by changing options within the Service. If you disagree with the way we share your Personal Data, you may stop using the Service and ask us to delete your Account. As we use third party technological Service for the provision of Service, we may transfer your Personal Data internationally. Providers of such technological Service may process personal data collected in the course of providing us their Service as sub-processors only under DPA in accordance with GDPR. We may share your information, including your Personal Data, as follows: - Service Providers. We may disclose the information we collect from you to third party vendors, technology and other service providers, contractors or agents who perform functions on our behalf, or are engaged with us. For example, we use service providers to help us extract and process the Receipt Information from receipts. These service providers are allowed to access and use the information we make available to them only as needed to perform their functions and for no other purposes. - Commercial Partners and other Third Parties. (a) In connection with our business, we may disclose demographic information (e.g., gender, household size, and number of children) to commercial partners and other third parties in either single or aggregate summary form and may also provide other aggregate or de-identified information to such third parties. Singular summary includes demographic information about a person without specifically identifying the person. For example, this summary does not contain personal information such as an email address, nor does the combination of demographic information make it possible to identify the person. Aggregate summary includes demographic information about a group of persons without specifically identifying any person within the group. (b) We may also provide your information, including your Receipt Information and your Personal Information, to commercial partners, such as retailers or brands, for their own marketing research and analytics purposes (for example, to create models that estimate consumer preferences in the total population or to inform market segments). In that case, we will take steps designed to ensure that your Personal Information is handled securely and is treated at least as protectively as under this Privacy Policy. We will not, however, allow any third parties to use this information for the purposes of individually marketing to you or to contact you. - Affiliates. We may disclose the information we collect from you to our corporate affiliates or subsidiaries; however, if we do so, their use and disclosure of your Personal Information will be subject to this Policy. - In Response to Legal Process. We also may disclose the information we collect from you in order to comply with the law, a legal proceeding, court order, or other legal process, such as in response to a court order or a subpoena. - To Protect Us and Others. We also may disclose the information we collect from you where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Service or this Policy, or as evidence in litigation in which Costless is involved. Costless will not disclose your Personal Information to a third party without your consent. 4. Security Of Your Personal Information As the controller, we have implemented numerous technical (including encryption) and organizational measures to ensure the most complete protection of Personal Data processed through Costless. We store your Personal Data on our servers and data centers in compliance with DPA. We have implemented commercially reasonable precautions to protect your Personal Data and information we collect from loss, misuse, and unauthorized access, disclosure, alteration, destruction or leak. Please be aware that despite our efforts, no data security measures can guarantee 100% security. The encryption is useless if the access password or other credentials are weakly protected and stored by you. You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any data breach, lost, stolen, or compromised passwords or for any activity on your Account via unauthorized password activity. In case there might be a risk of unauthorized disclosure of personal data the controller communicates the personal data breach to the data subject without undue delay. However, as we have implemented appropriate technical and organizational protection measures, as encryption, and it was applied to the personal data affected by the personal data breach, we are not required to communicate you, only to the competent supervisory authority not later than 72 hours after having become aware of personal data breach. 5. Your rights This Privacy Policy also contains your rights towards your Personal Data. Here are the main rights you are entitled to by using our Service: 1) right to obtain from the controller the confirmation as to whether or not personal data concerning you are being processed (right of confirmation); 2) right to obtain from the controller free information about your personal data stored at any time and a copy of this information (right of access); 3) right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you (right to rectification); 4) right to obtain from the controller the erasure of personal data concerning you without undue delay (right to erasure); 5) right to obtain from the controller restriction of processing (right to restriction of processing); 6) right to receive the personal data concerning you, which was provided to a controller, and to transmit those data to another controller without hindrance from the controller (right to data portability); 7) right to object to processing of personal data concerning you (right to object); 8) right not to be subject to a decision based solely on automated processing, including profiling; 9) right to withdraw your consent to processing of your personal data at any time (right to withdraw data protection consent). 6. Cookies and Related Technologies When you use our Service, we may collect certain information by automated or electronic means, using technologies such as cookies, pixel tags and web beacons, browser analysis tools, and web server logs. As you use our Service, your browser and devices communicate with servers operated by us, our business partners and Service providers to coordinate and record the interactivity and fill your requests for Service and information. The information from cookies and related technology is stored in web server logs and also in web cookies kept on your computers or mobile devices, which are then transmitted back to our Service by your computers or mobile devices. These servers are operated and the cookies managed by us, our business partners or our service providers. For example, when you access our Service, Costless and our service providers may place cookies on your computers or mobile devices. These cookies may include means for tracking your transaction information with a shop and may include tracking technology from third-party affiliate-network operators. Cookies allow us to recognize you when you return, and track and target your interests in order to provide a customized experience. They also help us provide a customized experience and help us to detect certain kinds of fraud. A "cookie" is a small amount of information that a web server sends to your browser that stores information about your Account, your preferences, and your use of the Service. Some cookies contain serial numbers that allow us to connect your activity with the Service with other information we store about you in your profile or as related to your other interactions with the Service. Some cookies are temporary, whereas others may be configured to last longer. "Session" cookies are temporary cookies used for various reasons, such as to manage page views. Your browser usually erases Session cookies once you exit your browser. "Persistent" cookies are more permanent cookies that are stored on your computers or mobile devices even beyond when you exit your browser. We use persistent cookies for a number of purposes, such as retrieving certain information you have previously provided (such as your user id if you asked to be remembered), and storing your preferences. Pixel tags and web beacons are tiny graphic images placed on website pages or in our emails that allow us to determine whether you have performed specific actions. When you access these pages or open email messages, the pixel tags and web beacons generate a notice of that action to us, or our service providers. These tools allow us to measure response to our communications and improve our web pages and promotions. We collect many different types of information from cookies and other technologies. For example, we may collect information from the devices you use to access our Service, your operating system type or mobile device model, mobile device identifiers, browser type, domain, and other system settings, as well as the language your system uses and the country and time zone of your device. Browsers and mobile devices routinely send these types of information to web servers. Our server logs also record the Internet Protocol ("IP") addresses of the devices use to interact with the Service. An IP address is a unique identifier that devices use to identify and communicate with each other on the Internet. We may also collect Information about the website you were visiting before you came to our Service and the website you visit after you leave our Service, if this Information is supplied to us by your browser. In many cases, the information we collect using cookies and other tools is used in non-identifiable ways, without any reference to Personal Information. For example, we use information we collect about users to optimize our Service and understand its traffic and usage patterns. In other cases, we associate the information we collect using cookies and related technologies with Personal Information. In that case, this Privacy Policy governs how we use that information. Additionally, if you have visited our website or activated one of our mobile-device applications, and if the settings on your location-aware device allow us to receive Location Information, we will collect that automatically. If we associate Location Information with other Personal Data, this Privacy Policy governs how we would use that information too. We also use third party Service, such as Google Analytics, to help us understand how visitors interact with our website and to help improve our user experience. Google provides additional privacy options regarding cookie use described at https://www.google.com/policies/privacy/partners. 7. Change or Delete Your Information You may review, update, correct or delete your Personal Data in your Account by contacting us or by making the appropriate modifications in your Account preferences. You can also make changes in the Application by clicking on Settings and making changes. If you would like us to delete your Account and/or remove your records from our system, please contact us and we will delete your Account within 45 days if we do not have any legal obligation to retain the record if the processing is necessary for the establishment, exercise or defence of legal claims. 8. Our Commitment to Children's Privacy Our Service is not directed to be used by children. Children under 13 are not permitted to use the Service and we do not knowingly collect or maintain Personal Data from children and minors. If we obtain actual knowledge that we have collected Personal Data from a child we will promptly delete it, unless we are legally obligated to retain such data. If you are under 13 years-of-age, then please do not use or access Service at any time or in any manner. If you are a parent or guardian and discover that your child under the age of 13 has obtained an Account on the Service, then you may alert us at mail@costless.com.ua and we will delete the information collected from or about that child from our systems. 9. Push Notifications and In-App Alerts and Updates When you download one of our mobile applications, we may provide you with the option to opt in to receive push notifications from Costless on your mobile device in connection with that mobile application. These push notifications may include promotional communications regarding Costless products and Service. You may, after downloading the applicable mobile application, opt out of receiving push notifications by adjusting the settings on your mobile device. Opting out of push notifications will not affect other communications you receive from Costless, such as email communications. You also may receive alerts and updates within our mobile applications regarding Costless products and Service or your Costless Accounts. To opt out of receiving these alerts and updates, you may uninstall the applicable mobile application from your mobile device. 10. Legal Matters We consider your use of our Service to be private. However, we may disclose your Personal Data stored in your account and/or on our servers and databases, in order to: (1) comply with the law or legal process served on us; (2) enforce and investigate potential violations of this Privacy Policy; including use of this Service to participate in, or facilitate activities that violate the law; (3) investigate potential fraudulent activities; or (4) protect the rights, property, or safety of our company, its employees, its customers or the public. 11. Changes to This Policy This Privacy Policy may be changed from time to time, so please be sure to check back periodically. We will post any changes to this Policy on our Site https://costless.com.ua as well as make it available through the applications. 12. Contact Us If you have any questions about this Privacy Policy or you wish to make changes to your personal data or remove yourself from our database, please contact us by E-mail: mail@costless.com.ua and insert only the words "Re: Privacy Policy" in the subject line header of the e-mail. Data Controller: Costless Ukraine LLC, email: data.controller@costless.com.ua Version: May 25, 2018.