Bonus Logo Bonus
Admin Login

Privacy Policy

MyBonusBerlin — Last updated: March 22, 2026

1. Who we are and how to contact us

MyBonusBerlin is an in-store loyalty and coupon app operated in Berlin, Germany. This Privacy Policy applies to the MyBonusBerlin mobile application and related website and services (together, the “Service”).

Data controller:
MyBonusBerlin (a brand of Foto Tek online Labor / Foto-Tek Gruppe)
Badstr. 38
13357 Berlin, Germany

Contact for privacy and data protection:
Email: fototek@t-online.de
Phone: 030 46064289

For general legal notice (Impressum), see our Impressum page.

2. What data we collect

We collect only what is necessary to provide the loyalty and coupon service. The table below describes the categories of data we process. We do not collect precise location/GPS, advertising IDs, or sell your data to third parties for marketing.

Data category Purpose Legal basis (GDPR)
Account data (email, phone, name, username) Account creation, login, profile, support Contract; consent where applicable
Business profile data (business name, address, phone, opening hours) For business/admin accounts and store profiles Contract
Loyalty data (points, stamps, coupons, rewards, transactions) To operate the loyalty and coupon system Contract
Device tokens (e.g. FCM for push notifications) To send push notifications (e.g. rewards, offers) Consent
Technical and usage data (IP address, user agent, activity type) Security, fraud prevention, login/activity logs Legitimate interest; legal obligation
Payment-related data (order amount, status; no card details stored by us) Processing payments via our payment provider Contract
Analytics (Firebase Analytics) To understand app and website usage and improve performance Legitimate interest

Push notifications: We send push notifications only if you enable them on your device. You can disable them at any time in your device settings.

Analytics: We use Firebase Analytics to understand app and website usage and improve performance. See Google’s privacy policy (linked in section 6) for how Firebase processes data.

Data we do not collect: We do not collect precise geolocation or GPS data for the loyalty/coupon flow. We do not collect advertising identifiers for ad targeting. We do not sell your personal data to third parties for their marketing.

Camera: The app may use your device’s camera solely to scan QR codes shown in-store to collect points or stamp coupons. QR content is processed to validate the code; we do not store or use camera images beyond that.

3. How we use your data

We use the data we collect to:

  • Create and manage your account and authenticate you (including via phone/OTP or email).
  • Provide the loyalty and coupon service: record points, stamps, and rewards when you scan QR codes and redeem offers.
  • Send you push notifications (e.g. when a reward is available) if you have agreed to them.
  • Process payments where the service supports in-app or linked payments (payment details are handled by our payment provider; we do not store card numbers).
  • Operate and secure our systems (e.g. logs for login and security).
  • Improve our app and website (e.g. analytics on usage, where applicable).
  • Comply with legal obligations and enforce our terms.

4. Legal basis (GDPR)

Under the EU General Data Protection Regulation (GDPR), we process your data on the following bases:

  • Contract (Art. 6(1)(b)): To perform our contract with you (account, loyalty, coupons, payments).
  • Consent (Art. 6(1)(a)): Where we ask for your consent (e.g. push notifications, optional analytics). You may withdraw consent at any time.
  • Legitimate interests (Art. 6(1)(f)): For security, fraud prevention, logs, and improving our service, where not overridden by your rights.
  • Legal obligation (Art. 6(1)(c)): Where we must retain or disclose data to comply with law.

5. Data retention

We keep your data only as long as necessary for the purposes above:

  • Account and profile data: for the duration of your account and as required for legal or contractual purposes after closure.
  • Loyalty and transaction data: as needed to operate the program and for legal/tax requirements.
  • Activity and security logs: for a limited period for security and troubleshooting.
  • Verification and password-reset codes: short-lived and deleted after use or expiry.
  • Device tokens: until you revoke push notifications or delete your account.

When you request account deletion, we will delete or anonymise your personal data in line with our retention rules and applicable law.

6. Sharing and third-party processors

We do not sell your personal data. We share data only with trusted processors that help us run the Service, under strict obligations to protect your data:

  • Hosting and database: Our servers and database (e.g. in the EU where possible) to store and process your data.
  • Twilio: To send SMS verification codes (OTP). Twilio’s privacy policy: twilio.com/legal/privacy.
  • Email providers (e.g. SMTP/Titan): To send transactional and verification emails.
  • Firebase (Google): For push notifications (FCM) and, on our website, analytics. Google’s privacy policy: policies.google.com/privacy.
  • Stripe: For payment processing. We do not store card details; Stripe does. Stripe’s privacy policy: stripe.com/privacy.
  • Cloudinary: For storing and serving images (e.g. business/menu media). cloudinary.com/privacy.

We may also disclose data where required by law or to protect our rights and safety.

7. Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit, access controls, and secure storage. No method of transmission or storage is 100% secure; we strive to minimise risks in line with industry practice.

8. Children’s privacy

The Service is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child under 16, please contact us and we will delete it promptly.

The app does not use third-party advertising networks and does not track users across third-party apps or websites.

9. Your rights (GDPR)

If you are in the European Economic Area (EEA) or Germany, you have the following rights:

  • Access (Art. 15): Request a copy of the personal data we hold about you. We also provide a data export via our API for logged-in users where supported.
  • Rectification (Art. 16): Request correction of inaccurate or incomplete data (e.g. via your account settings).
  • Erasure (Art. 17): Request deletion of your data, subject to legal exceptions. You can request account deletion by contacting us.
  • Restriction (Art. 18): Request that we limit processing in certain circumstances.
  • Data portability (Art. 20): Request your data in a structured, machine-readable format where applicable.
  • Object (Art. 21): Object to processing based on legitimate interests, including profiling.
  • Withdraw consent: Where we rely on consent, you may withdraw it at any time (e.g. disable push notifications in device settings).
  • Complaint: You have the right to lodge a complaint with a supervisory authority, e.g. the Berlin Commissioner for Data Protection and Freedom of Information (datenschutz-berlin.de).

To exercise these rights, contact us at fototek@t-online.de. We will respond within the time limits required by law (generally one month).

10. International transfers

Your data is primarily processed in Germany/the European Economic Area. Some of our service providers (e.g. Twilio, Google Firebase, Stripe) may process data in the United States or other countries. Where we transfer data outside the EEA, we ensure appropriate safeguards are in place (e.g. EU Standard Contractual Clauses or adequacy decisions) as required by GDPR.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the “Last updated” date. For material changes, we may notify you via the app or email where appropriate. Continued use of the Service after the effective date of changes constitutes acceptance of the updated policy.

12. How to contact us

For any questions about this Privacy Policy or your personal data:

MyBonusBerlin / Foto Tek online Labor
Badstr. 38, 13357 Berlin, Germany
Email: fototek@t-online.de
Phone: 030 46064289

By using the MyBonusBerlin app or website, you acknowledge that you have read this Privacy Policy and understand how we collect, use, and protect your data. If you do not agree, please do not use the Service.

Back to Home