GDPR Compliance
General Data Protection Regulation Information
1. Our Commitment to GDPR
Kartička is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). This page explains how we comply with GDPR requirements and what rights you have regarding your personal data.
The GDPR applies to all individuals in the European Union (EU) and European Economic Area (EEA), regardless of where the data processing takes place.
2. Data Controller
Company: Cask Coded s. r. o.
Address: Sokolovska 178/10, Kosice - mestska cast Zapad, 040 11, Slovakia
Email: studio@caskcoded.com
DPO Email: dpo@caskcoded.com
3. Legal Basis for Processing
We process your personal data based on the following legal grounds:
Consent (Article 6(1)(a))
For optional features like cloud sync and camera access, we rely on your explicit consent. You can withdraw consent at any time.
Contract Performance (Article 6(1)(b))
To provide our loyalty card management service as requested by you, including card storage and barcode display functionality.
Legitimate Interests (Article 6(1)(f))
For service improvement and security, balanced against your privacy rights. We minimize data processing to what is strictly necessary.
4. Your GDPR Rights
Under GDPR, you have the following rights regarding your personal data:
Right of Access
Request a copy of your personal data we hold
Right to Rectification
Correct inaccurate or incomplete data
Right to Erasure
Request deletion of your personal data
Right to Restrict Processing
Limit how we use your data
Right to Data Portability
Receive your data in a structured format
Right to Object
Object to certain types of processing
5. Data Processing Activities
Personal Data We Process
- Card Data: Barcode numbers, card names, store names (stored locally on device only)
- Preferences: App settings, display preferences, categories (stored locally)
- Subscription Status: Premium subscription status (if applicable, via Apple)
Processing Purposes
- Providing the loyalty card management service
- Displaying barcodes for checkout scanning
- Syncing data across devices (Premium, with consent)
- Processing subscription payments (via Apple)
Minimal Data Processing: Kartička is designed to minimize data processing. The vast majority of your data never leaves your device. We do not operate servers that store your card data.
6. Data Transfers and Storage
- Card data is stored locally on your device and never transferred to our servers
- If iCloud sync is enabled, data is transferred to Apple's iCloud servers under Apple's privacy policies
- Subscription data is processed by Apple through the App Store
- We do not independently transfer personal data outside the EU/EEA
7. Data Retention
- Card Data: Retained on your device until you delete it or uninstall the app
- iCloud Data: Retained in your iCloud until you delete it or disable sync
- Subscription Data: Managed by Apple; retained per Apple's policies
- Support Communications: Retained for up to 2 years for service improvement
8. Exercising Your Rights
To exercise any of your GDPR rights, please contact us using the information below. We will respond within 30 days of receiving your request.
You have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data appropriately.
9. Data Protection Officer
For questions about data protection and GDPR compliance, you can contact our Data Protection Officer:
Data Protection Officer
Email: dpo@caskcoded.com
Subject: GDPR Inquiry - Kartička
10. Updates to GDPR Compliance
We regularly review and update our GDPR compliance measures. Any material changes will be communicated through our Privacy Policy and this page. The last update date is shown at the top of this page.
11. Contact for GDPR Requests
For any GDPR-related requests or questions, please contact us:
GDPR Requests
Email: gdpr@caskcoded.com
Subject: GDPR Request - [Type of Request]
Website: https://caskcoded.com