In order to optimize our website for you and to be able to continuously improve it, we use cookies and services from third parties. Some of these are essential to ensure the operation of the site (e.g. for the shopping cart), while others help us to improve our online offer and operate it economically. You can easily set which type of cookies and which services are allowed via the settings. Further details can be found in our privacy policy.

Settings
Download the App
#

Privacy policy

Status: 15 September 2025

Preamble

The protection of your personal data is important to us, [your company, legal form] (hereinafter "GetYourOffers", "we" or "us"). This privacy policy informs you about what personal data we collect, how we process and use it when you visit and use our platform (websites and mobile applications). We strictly adhere to the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

1. Name and address of the controller responsible for processing

The controller within the meaning of the GDPR is

repalogic GmbH
Otto-Meckler-Straße 12-2
88605 Meßkirch
Meßkirch, Germany

E-mail: datenschutz@repalogic.com

Website: https: //www.repalogic.com

2. General information on data processing

a) Legal bases of processing Insofar as we obtain the consent of the data subject for processing operations, Art. 6 para. 1 lit. a GDPR serves as the legal basis. Art. 6 para. 1 lit. b GDPR serves as the legal basis for the fulfilment of a contract or for the implementation of pre-contractual measures. To fulfil a legal obligation to which we are subject (e.g. statutory retention obligations), Art. 6 para. 1 lit. c GDPR serves as the legal basis. In order to safeguard a legitimate interest of our company or a third party, Art. 6 para. 1 lit. f GDPR serves as the legal basis, unless the interests or fundamental rights of the data subject prevail.

b) Principles of data processing We only process data within the scope of the specified purposes. Personal and anonymised data are processed strictly separately; they are not merged.

c) Data erasure and storage duration We only store your personal data for as long as is necessary for the respective processing purposes. Once the purpose no longer applies, the data will be deleted, provided there are no statutory retention obligations to the contrary.

d) Necessity of the provision
The provision of certain data is necessary for the use of individual functions (e.g. registration data for a user account, location data for local offers). Without this data, the respective functions cannot be used or can only be used to a limited extent. Voluntary information is labelled accordingly.

e) Processors
We use carefully selected processors for individual processing operations (e.g. hosting, e-mail dispatch, analytics). These are contractually bound in accordance with Art. 28 GDPR. Categories of recipients are documented in the consent tool and on request.

3. Provision of the platform and creation of log files

Each time our platform is accessed, our system automatically collects data (including IP address, date/time of access, browser type) to ensure the functionality and security of the platform. The legal basis for this processing is our legitimate interest (Art. 6 para. 1 lit. f GDPR). The data will be deleted after 14 days at the latest.

4. Registration and use of the platform

You can register on our platform in order to use its full functionality. The data you enter (user name, email address, password) will be processed to fulfil the user relationship. To protect your access data, passwords are only stored in encrypted form (as a hash value). The legal basis is the fulfilment of the user contract (Art. 6 para. 1 lit. b GDPR).

5. Data processing for fee-based contracts (merchants)

a) Contract fulfilment If you book paid premium functions as a "merchant", we collect additional data that is necessary to fulfil the contract. This includes your name, address, company data and payment data. This data is used exclusively for contract fulfilment, invoicing and payment processing and is processed in our internal administration and accounting system (TYRIOS). The legal basis is Art. 6 para. 1 lit. b GDPR.

b) Payment service providers We use external payment service providers (e.g. Stripe, PayPal) to process payments. Your payment data is processed directly by these service providers. As these are US companies, data may be transferred to the USA during payment processing. We ensure an adequate level of data protection by concluding EU standard contractual clauses (as a suitable guarantee in accordance with Art. 46 GDPR). We would like to point out that despite these measures, there may be a residual risk that US security authorities may gain access to the data. The transfer of your data to the service provider is based on Art. 6 para. 1 lit. b GDPR.

c) Statutory retention obligations for invoices and business documents Once the contract has been fully processed, your data will be blocked for further use. we must store invoices and associated business documents for a period of up to 10 years due to legal requirements from the German Commercial Code (HGB) and the German Fiscal Code (AO). The legal basis for this longer storage period is the fulfilment of our legal obligations (Art. 6 para. 1 lit. c GDPR).

6. Use of data for advertising purposes

a) Newsletter If you register for our email newsletter, we will process your email address in order to send you regular information. We use our internal system (TYRIOS), which handles the technical dispatch via the service provider SendGrid (Twilio Inc., USA). As SendGrid is a US provider, data is transmitted to the USA. We ensure an adequate level of data protection by concluding EU standard contractual clauses (as a suitable guarantee in accordance with Art. 46 GDPR). If the respective service provider is certified in accordance with the EU-US Data Privacy Framework (DPF), the transfer is also based on this. We would like to point out that despite these measures, there may be a residual risk that US security authorities may gain access to the data. If you give your consent, we will analyse for statistical purposes whether the newsletter has been opened and which links have been clicked (opening and click tracking). The legal basis for sending and measuring success is your consent (Art. 6 para. 1 lit. a GDPR), which you can revoke at any time.

b) Direct advertising for existing customers (merchants) If you have purchased a paid service from us as a merchant, we reserve the right to use your email address for direct advertising for our own similar goods or services. The legal basis for this is our legitimate interest in marketing our products (Section 7 (3) UWG, Art. 6 (1) (f) GDPR). You can object to this use at any time.

7. Location data for displaying local offers (geolocation)

We offer you the option of displaying local offers based on your approximate location.

  • Purpose: The processing serves the sole purpose of presenting you with relevant, regional offers in your area.

  • Procedure and legal basis: If you actively use the "Determine location" function, you give us your consent to determine your location. The legal basis is Art. 6 para. 1 lit. a GDPR and for access to device information § 25 para. 1 TTDSG. The location is determined via the geolocation API of your browser or the location services of your device directly on your end device.

  • Data transmission and storage: Only a unique, non-personal position signal (e.g. coordinates with low accuracy or a postcode region) is sent to our servers in order to load suitable offers. This data does not allow any conclusions to be drawn about your identity and is processed separately from all personal information. We do not store any permanent or personal location histories.

  • Revocation and transparency: You can revoke your consent at any time by deactivating location sharing in the settings of your browser or operating system. We attach great importance to data protection: we do not use location data for marketing, profiling or tracking purposes or pass it on to third parties.

8. Processing of user-generated content and AI-based moderation

To ensure the security of our community, we use automated systems to analyse uploaded content (texts, images).

  • Purpose: The processing of the content you upload serves two purposes:

    1. Immediate moderation: Immediate identification and filtering of potentially harmful content to protect our community.

    2. Internal development: Using this content as training data to develop and improve our own future content moderation systems.

  • Functionality and transparency: Content is checked automatically. In individual cases, content may be blocked or not published. You will be informed of this and can lodge a complaint at any time. Complaints are reviewed by our moderation team. In this way, we ensure that no exclusively automated decision within the meaning of Art. 22 GDPR is made without the possibility of review. Content is generally stored for the duration of your user account.

    For internal development purposes, content is depersonalised before being used as training data (e.g. removal of direct identifiers) and stored separately from personal registration data. We keep logs of moderation decisions for a maximum of [e.g. 12 months], insofar as this is necessary for quality assurance and defence against legal claims.

  • Services used:

    • Google Vision API (Google Ireland Limited / Google LLC, USA): To analyse images.

    • Perplexity AI (Perplexity AI, Inc., USA): For analysing texts.

  • Legal basis:

    • Processing for direct moderation is primarily carried out to fulfil our legal obligations (Art. 6 para. 1 lit. c GDPR) arising from laws such as the Digital Services Act (DSA).

    • Both the direct moderation and the processing of content for the internal further development of our own moderation systems are based on our legitimate interest (Art. 6 para. 1 lit. f GDPR). Our interest is to provide a secure platform, to improve the security and quality of our platform in the long term and to become less dependent on external service providers.

  • Data transfer to third countries: When using external services, data may be transferred to the USA. We ensure an adequate level of data protection by concluding EU standard contractual clauses (as a suitable guarantee in accordance with Art. 46 GDPR). We would like to point out that despite these measures, there may be a residual risk that US security authorities may gain access to the data. Processing by the external providers takes place for a specific purpose as part of the direct content check. Any further use by these providers for their own purposes does not take place.

9. Cookies, tracking and consent management

We use cookies and similar technologies on our platform. Cookies are small text files that are stored on your end device. We distinguish between session cookies, which are automatically deleted when you close your browser, and persistent cookies, which remain on your device for a specified period of time. You can find detailed information on the type and storage duration of the individual cookies in our consent management tool.

  • Technically necessary cookies: These are essential for the basic operation of the platform. The legal basis is our legitimate interest (Art. 6 para. 1 lit. f GDPR) and § 25 para. 2 TTDSG.

  • Analysis & marketing cookies: We only use these cookies with your express consent.

    • Consent management: We use our own consent management tool (TYRIOS) to obtain and manage your consent.

    • Google Analytics: For web analytics (provider: Google Ireland Limited). As data may be transferred to the USA, the transfer is based on your express consent in accordance with Art. 49 para. 1 lit. a GDPR.

    • Facebook Pixel: To determine target groups for adverts (provider: Meta Platforms Ireland Limited). Since data may be transferred to the USA, the transfer is based on your express consent in accordance with Art. 49 para. 1 lit. a GDPR.

  • The legal basis for all non-necessary cookies and the associated tracking is exclusively your consent (Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TTDSG). You can withdraw your consent at any time. If the respective service provider is certified in accordance with the EU-US Data Privacy Framework (DPF), the transfer is also based on this.

10. Non-personal statistics and pseudonymised reach measurement

We have a fundamental interest in understanding the use of our platform in order to constantly improve it. We make a strict distinction here between non-personal statistics and pseudonymised analysis, which requires your consent.

a) Non-personalised usage statistics (without consent) We constantly collect aggregated and completely non-personalised data about the use of our platform. This includes, for example, how often a certain function is used or how user numbers are distributed across different regions. This data does not allow any conclusions to be drawn about individual persons at any time and is collected without the use of cookies. Location data can be included in these statistics in aggregated form. There is no personal reference or profiling. This data is processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in the fundamental analysis and improvement of our platform.

b) Pseudonymised reach measurement (with consent) If you give us your consent via our consent management tool, we also use a pseudonymised analysis to better understand user behaviour.

  • Process and type of data: For this purpose, a random, pseudonymised identifier is stored on your end device using a cookie. This identifier enables us to recognise your browser or app across multiple visits and sessions without knowing your identity. This allows us to understand how users move around our platform over time. We take technical and organisational measures to ensure that this pseudonymous identifier and the associated usage data are not merged with your personal registration data (such as your name or email address) at any time.

  • Legal basis: The storage / reading of the pseudonymous identifier on your end device is based on your consent in accordance with Section 25 (1) TTDSG. The subsequent processing of the data collected in this way is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR.

  • Storage period: The data will be deleted as soon as it is no longer required for our recording purposes or you withdraw your consent.

11. Your rights as a data subject (data subject rights)

You have comprehensive rights regarding the processing of your personal data:

  • Right of access (Art. 15 GDPR)

  • Right to rectification (Art. 16 GDPR)

  • Right to erasure (Art. 17 GDPR)

  • Right to restriction of processing (Art. 18 GDPR)

  • Right to data portability (Art. 20 GDPR)

  • Right to object (Art. 21 GDPR): You have the right to object at any time to the processing of your data based on a legitimate interest.

  • Right to withdraw consent (Art. 7 para. 3 GDPR)

  • Right not to be subject to a decision based solely on automated processing (Art. 22 GDPR)

  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

  • Note on direct marketing: You can object to the processing of your data for direct marketing purposes at any time; this also applies to profiling insofar as it is associated with such direct marketing (Art. 21 para. 2 GDPR).

To exercise your rights, please use the contact details above.

The competent supervisory authority is generally the data protection supervisory authority of your place of residence. Responsible for us is:
The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg (LfDI BW), Lautenschlagerstraße 20, 70173 Stuttgart, https://www.baden-wuerttemberg.datenschutz.de

12. Special features when deleting the user account

If you request the deletion of your user account, your primary personal data (in particular e-mail address, user name, password hash) will be permanently deleted in accordance with Art. 17 GDPR.

Please note that the content you post is differentiated and treated as follows

  • Personal content: Content with a direct personal reference (e.g. comments) is deleted or permanently anonymised (e.g. "post by a former user").

  • Factualand offer data: Factual information contributed by you (offer details, company data, etc.) is an essential part of our community database. After deletion of your account, this data loses its reference to your person and is no longer personalised. We reserve the right to continue to use this anonymous factual data in order to maintain the platform for all other users.

13. Up-to-dateness and amendment of this privacy policy

This privacy policy is currently valid. It may need to be amended due to the further development of our platform or changes in legal requirements. we will inform you of any significant changes in good time, for example by email or by means of a clear notice on our platform. The current version is available on our website at all times. changes are documented in the version history on our website.

Appendix: Special provisions for India

(pursuant to the Digital Personal Data Protection Act, 2023 - "DPDP Act")

This Annex supplements our Privacy Policy for users with habitual residence in India. In the event of any inconsistency between this Annex and the main body of the Privacy Policy, the provisions of this Annex shall prevail.

1. Terms under Indian law

  • Data Fiduciary: We, Get Your Offers.

  • Data Principal: You as the data subject.

  • Significant Data Fiduciary (SDF): If we are categorised as an SDF by the Indian government, we will fulfil the additional obligations such as appointing a Data Protection Officer in India, conducting regular audits and Data Protection Impact Assessments.

2.Legal bases for processing All processing of personal data is based on your consent or - where permitted by law - on legitimate uses under the DPDP Act (e.g. fulfilment of a contract, legal obligation).

3.Information and consent You will receive clear and comprehensible information in English before any processing. On request, we can also provide information in another language of the 8th Amendment. Your consent can be revoked at any time. The cancellation is only effective for the future.

4.Children Persons under the age of 18 are considered children. Children are not permitted to use the platform. Behavioural monitoring and targeted advertising to children is prohibited.

5.Rights of data principals In addition to the GDPR rights mentioned in the main section, you have the following rights in particular under the DPDP Act

  • Right to be informed about the processing.

  • Right to rectification and updating of your data.

  • Right to erasure after the purpose has ceased to exist or consent has been withdrawn.

  • Right to withdraw consent at any time.

  • Right to lodge a complaint with the Grievance Officer (see below).

  • Right to appoint a representative in the event of death or incapacity.

6. Transferof data abroad Under Indian law, international data transfers are permitted except to countries that the government specifically restricts. No such restriction list currently exists. We are constantly monitoring developments and adapting our processes accordingly.

7.Grievance Redressal We have appointed a Grievance Officer who you can contact if you have any questions or complaints:

  • Grievance Officer India

  • Email: [grievance.india@getyouroffers.com]

  • Address: [Insert local contact address in India]

We are committed to resolving complaints within the statutory time limit. In addition, you can contact the Data Protection Board of India (DPBI) at any time.

8.Deletion and retention Your personal data will be deleted as soon as the purpose no longer applies or you revoke your consent, provided that there are no statutory retention obligations. We check at regular intervals whether data is still required.

9.Security incidents In the event of a data breach, we will notify both the Data Protection Board of India (DPBI) and the affected individuals in accordance with applicable regulations.

10.changes to this Annex The Indian government is currently working on implementing rules ("Rules") for the DPDP Act. We will amend this Annex as soon as they come into force.

Annex: Special provisions for India

(pursuant to the Digital Personal Data Protection Act, 2023 - "DPDP Act")

This Annex supplements our Privacy Policy for users habitually resident in India. In the event of any inconsistency between this Annex and the main body of the Privacy Policy, the provisions of this Annex shall prevail.

1. Terms under Indian law

  • Data Fiduciary: We, Get Your Offers

  • Data Principal: You as the data subject.

  • Significant Data Fiduciary (SDF): If we are categorised as an SDF by the Indian government, we will fulfil the additional obligations such as appointing a Data Protection Officer in India, conducting regular audits and Data Protection Impact Assessments.

2.Legal bases for processing All processing of personal data is based on your consent or - where permitted by law - on legitimate uses under the DPDP Act (e.g. fulfilment of a contract, legal obligation).

3.Information and consent You will receive clear and comprehensible information in English before any processing. On request, we can also provide information in another language of the 8th Amendment. Your consent can be revoked at any time. The cancellation is only effective for the future.

4.Children Persons under the age of 18 are considered children. Children are not permitted to use the platform. Behavioural monitoring and targeted advertising to children is prohibited.

5.Rights of data principals In addition to the GDPR rights mentioned in the main section, you have the following rights in particular under the DPDP Act:

  • Right to be informed about the processing.

  • Right to rectification and updating of your data.

  • Right to erasure after the purpose has ceased to exist or consent has been withdrawn.

  • Right to withdraw consent at any time.

  • Right to lodge a complaint with the Grievance Officer (see below).

  • Right to appoint a representative in the event of death or incapacity.

6. Transferof data abroad Under Indian law, international data transfers are permitted except to countries that the government specifically restricts. No such restriction list currently exists. We are constantly monitoring developments and adapting our processes accordingly.

7.Grievance Redressal We have appointed a Grievance Officer who you can contact if you have any questions or complaints:

  • Grievance Officer India

  • E-mail: grievance.india@repalogic.com

  • Address: Repalogic India West Private Limited, 339 B, Sqaure One Commercial Althan,
    395017 Surat

We undertake to process complaints within the legally stipulated period. In addition, you can contact the Data Protection Board of India (DPBI) at any time.

8.Deletion and retention Your personal data will be deleted as soon as the purpose no longer applies or you revoke your consent, provided there are no statutory retention obligations. We check at regular intervals whether data is still required.

9.Security incidents In the event of a data leak or other personal data breach, we will notify both the Data Protection Board of India (DPBI) and the affected individuals in accordance with applicable regulations.

10.changes to this Annex The Government of India is currently working on implementing rules ("Rules") for the DPDP Act. We will amend this Annex as soon as they come into force.