For [Vendor Name] ยท Effective Date: [Date] ยท Version 2.3
Welcome to the [Vendor Name] NEO ONE Loyalty App ("App"). [Vendor Name] ("we", "us", "our") is committed to protecting your privacy. This Privacy Notice explains how we collect, use, and share your personal data when you use the App to access our loyalty program, rewards, and services.
This App is powered by NEO APP INTERNATIONAL Ltd. ("NeoApp"), which provides the software platform under license to [Vendor Name].
| Role | Entity | Contact Details |
|---|---|---|
| Data Controller Decides why & how data is processed | [Vendor Name] | Email: [privacy@vendor.com] Address: [Registered Address], [Country] Phone: [Phone Number] DPO (if applicable): [dpo@vendor.com] |
| Data Processor Processes data on Controller's behalf | NEO APP INTERNATIONAL Ltd. Soho Embassy โ Omonoias 13 Limassol 3052, Republic of Cyprus | Email: dpo@neo-app.eu Website: neo-app.eu |
For any privacy requests (access, deletion, etc.), please contact [Vendor Name] directly. NeoApp processes data only on [Vendor Name]'s instructions.
We collect the following categories of personal data to provide the loyalty program and App functionality:
| Category | Examples | Purpose |
|---|---|---|
| Identity & Contact | Name, email, phone number, member ID | Create account, communicate about rewards, verify identity |
| Loyalty Activity | Points balance, transaction history, rewards redeemed, tier status | Operate loyalty program, calculate rewards, prevent fraud |
| Device & Technical | IP address, device type, OS, app version, crash logs | App security, troubleshooting, analytics |
| Payment Data | Not stored by App | Handled directly by secure payment processors (e.g., Viva Payments, Stripe) |
| Preferences | Language, notification settings, favorite stores/services | Personalize user experience |
| Location Data | Optional (e.g., to find nearest venue) | Only collected if you grant explicit permission via device settings |
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide App & Loyalty Services (account management, tracking) | Contract Performance (Art. 6(1)(b)) โ Necessary to fulfill our agreement with you |
| Communicate Service Updates (password reset, policy changes) | Contract Performance (Art. 6(1)(b)) |
| Improve App Performance (analytics, crash reporting) | Legitimate Interest (Art. 6(1)(f)) โ To ensure stable service |
| Prevent Fraud & Abuse (fake accounts, points manipulation) | Legitimate Interest (Art. 6(1)(f)) โ To protect business integrity |
| Marketing Offers (promotions, newsletters) | Consent (Art. 6(1)(a)) โ Optional: you can withdraw anytime |
| Comply with Legal Obligations (tax records, audit) | Legal Obligation (Art. 6(1)(c)) |
๐ We do not sell your personal data. We share data only with trusted partners to operate the App and loyalty program:
| Recipient | Role | Data Location | Safeguards |
|---|---|---|---|
| NeoApp | Software Provider (Processor) | EU (Cyprus) | GDPR-compliant Data Processing Agreement (DPA) |
| Google Cloud / Firebase | Hosting, Analytics, Push Notifications | EU (Frankfurt / Belgium) | Standard Contractual Clauses (SCCs) |
| Payment Processors | Transaction Processing (e.g., Viva, Stripe) | EU / Global | PCI-DSS Compliance, SCCs |
| Email / SMS Providers | Service Communications (e.g., Mailgun) | EU (Ireland) | SCCs, Encryption |
| Legal / Accounting Advisors | Compliance, Audit | [Vendor's Country] | Confidentiality Agreements |
If your data is transferred outside the European Economic Area (EEA) (e.g., to Google Cloud servers in the US), we ensure appropriate safeguards are in place:
We retain your personal data only as long as necessary:
| Data Type | Retention Period |
|---|---|
| Active Account | Duration of your membership + [X] years |
| Transaction Records | [X] years (to comply with tax/accounting laws) |
| Analytics Data | [X] months (anonymized thereafter) |
| Inactive Accounts | Deleted after [X] months of inactivity, unless legal retention applies |
๐ Vendor Note: Specify periods based on local law, e.g., 5 years for tax records in Malta/Cyprus.
Depending on your location, you have the right to:
How to Exercise Rights: Contact [Vendor Name] at [privacy@vendor.com]. We will respond within 30 days.
If unsatisfied, you may lodge a complaint with your local supervisory authority:
| Country | Authority | Website |
|---|---|---|
| ๐จ๐พ Cyprus | Commissioner for Personal Data Protection | dataprotection.gov.cy |
| ๐ฒ๐น Malta | Office of the Information and Data Protection Commissioner | idpc.org.mt |
| ๐ซ๐ท France | CNIL | cnil.fr |
| ๐ Other EU | Local Data Protection Authority | [Link to local authority] |
The App uses cookies and similar technologies to function correctly and improve your experience:
| Category | Purpose | Consent Required? |
|---|---|---|
| Essential Cookies | Enable core functions: login, security, session management, and load balancing. | No โ Strictly necessary for the App to work. By using the App, you accept their use. |
| Analytics Cookies | Help us understand how you use the App (e.g., crash reports, feature usage) to improve performance. | Yes โ You can accept or reject these via the App's consent banner. |
| Marketing Cookies | Used to track users across websites to display relevant ads (if applicable). | Yes โ You can accept or reject these via the App's consent banner. |
Managing Cookies: You can manage your cookie preferences at any time via App Settings > Privacy > Consent Management. Note that disabling Essential Cookies may prevent the App from functioning.
We may send you marketing communications about promotions, loyalty bonuses, new services, or partner offers.
๐ฉ Service Messages: Even if you opt-out of marketing, we may still send you essential service messages (e.g., password resets, points expiry warnings, policy updates) as necessary to fulfill our contract with you.
The App may send push notifications to your device to keep you informed about your loyalty status, rewards, and offers.
| Type | Description | Consent Required? |
|---|---|---|
| Service Notifications | Account updates (e.g., "You earned 50 points", "Your reward is ready") | No โ Based on legitimate interest to provide the service |
| Marketing Notifications | Promotional alerts (e.g., "Double Points Weekend!") | Yes โ Explicit consent required |
| Offline / Background Delivery | Notifications delivered even when the App is not actively open, to ensure timely updates | Requires specific permission via your device settings |
Managing Notifications: You can manage or disable push notifications at any time via App Settings > Notifications or through your device's system settings.
We may update this Notice to reflect changes in our practices or legal requirements.
For questions about this Privacy Notice or our data practices:
๐ง Email:[privacy@vendor.com]
๐ Address: [Vendor Registered Address]
๐ ๏ธ NeoApp Support (Technical Only):tickets@neo-one.eu
This Privacy Notice is a template provided by NEO APP INTERNATIONAL, Ltd, a company registered in the Republic of Cyprus with offices at Soho Embassy โ Omonoias 13, Limassol 3052, Cyprus, as a complimentary resource only.
[Vendor Name] is solely responsible for reviewing, localizing, and ensuring compliance with applicable laws (including GDPR, ePrivacy, and local consumer regulations). NEO APP INTERNATIONAL, Ltd makes no warranty of legal adequacy and assumes no liability for [Vendor Name]'s use or modification of this material.