Data policy

Home
/
Data policy

We take care of your personal data

MyBonuz is built on the idea that the less personal data the user has to provide, the less vulnerable the system is.

So at MyBonuz we only need to know your email address and a selfie, all other personal data you submit is voluntary. If you submit more data, e.g. nickname or phone number, this data is encrypted on our servers so that no one can read it.

We follow the applicable GDPR rules from the EU, and in some cases even go further than that in relation to them to protect you, we also do not sell your behavioral data to others.

Key points in our data security policy

Country specific configuration

Basically, MyBonuz doesn't need any personal information to work - not even people's names.

MyBonuz is based on unique addresses on mobile devices, a picture of the person and an email address. We can configure the system at country level so that the user enters more information than the above.

Encrypted personal data

All data in the system that countries may wish to be registered is encrypted so that it can only be read by the application itself.

This means that even if hackers were to gain access to the database (which is of course secured), there are no usable personal ones information available.

GEO Locations will NOT be saved

MyBonuz uses longitude and latitude locations to find the nearest shops, bars, restaurants, etc., making it easier for the user to select the location.

However, MyBonuz does not save this location information in the database, so MyBonuz does NOT do geographic tracking.

Your data will NOT be handed over to others

The MyBonuz business model is based on the fact that we make money from our services, not from the data we receive.

MyBonuz does not share information with anyone other than the companies that purchase our services.

Bar owner can store data about personnel

Otherwise, the system cannot perform all the functions as promised.

Examples of personnel data are name, address, telephone number and bank information.

Personnel can view and edit own data

Only the store owner and the individual employee have access to this information.

The employee can at any time delete data that employees do not think should be shared.

Policies

Definitions

Service

The service is in the mobile applications made available via MyBonuz.

Usage data

MyBonuz collects data on how much the individual user spends on the system, this data is used exclusively to optimize the system.

Cookies and other local data

All user interaction with the web server takes place via mobile applications, but we have no data stored locally on the mobile phone.

Information about personal data

The shop owner can update information about staff (see above), and it is the shop owner's responsibility as data processor to ensure that that the content of personal data is ok. MyBonuz, as data storage manager, is responsible for storing all data in an encrypted and secure environment.

The following fields are used by the system - and these will be used for the system to function:

Email
Nickname
Image of face (selfie)
Loyalty card status

Legal obligations

MyBonuz passes on personal data in the event that it is necessary for:

To comply with national laws
Ensure that authorities can investigate illegalities
Protect public authorities
Legal protection of MyBonuz

Resale or disclosure of data to 3rd parties

Policy

MyBonuz submits the data to the authorities in the countries in which we operate, which the authorities request.

MyBonuz does not make money from the data transfer - this policy is a fixed part of the MyBonuz vision.

Your consent to this Privacy Policy followed by your submission of such information represents your consent to this transfer.

MyBonuz will take all steps reasonably necessary to ensure that your data is processed securely (see below) and in accordance with this privacy policy and no transfer of your private data takes place place to an organization or country unless there are appropriate controls in place including the security of your data.

Legal basis for processing private data according to the General Data Protection Regulation (GDPR)

If you are from the European Economic Area (EEA), MyBonuz's legal basis for collection and use is of the private information described in this privacy policy depends on the private data we collect and the specific context in which we collect them.

Storage of data

MyBonuz only stores your private data as long as it is necessary for the purposes described in this data policy.

We store and use your private data to the extent necessary to comply with our legal obligations, for example, if we are required to retain your data to comply with applicable laws, resolve disputes and enforce our legal agreements and policies.

Technical measures against hacking

General

MyBonuz cannot guarantee 100% security against hacker attacks or the like, but we can guarantee that we have our utmost to ensure that user data is protected from hackers.

Communication

All communication takes place via encrypted lines HTTPS

Sha256 codes have been introduced in all API headers to ensure that the communication to the server arrives from the correct units.
"Tokens" are sent between mobile devices and server for each call - these tokens are based on JWT technology and is per user.
Communication between a user and server can only be done from the user's mobile phone.

Server

The data is stored on a PostgreSQL database, and all data is secured with the security system in the database.

The web service is coded in django, and the module: cors headers is turned on, which ensures that hackers cannot break into sessions.