Optius - Privacy Policy

Privacy Policy

General

This privacy policy describes how Heco et al ApS ("Heco et al", "we", "us") collects and processes the personal information that you provide to us or that we collect about you when you visit Heco et al's website, www.optius.app ("Website") or use our app, Optius ("Optius") (collectively referred to as "Services", "Service").

Heco et al processes your personal information as described in this Privacy Policy and in accordance with applicable legislation, including the European Parliament and Council Regulation (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data, etc. ("GDPR") and the Data Protection Act, Act No. 502 of 23 May 2018, which supplements the GDPR, as well as any changes thereto, as well as other legislation supplementing these rules.

Contact information for the Data Controller

Heco et al is the data controller for the personal information collected.

Heco et al shares joint data control with Facebook for personal information collected using Facebook's analytics tool "Facebook Page Insights" when you visit our Facebook page. Read more in section 3.2.

If you have any questions or comments about this privacy policy, or if you wish to exercise one or more of your rights described in section 6, you can contact:

Heco et al ApS
Nordensvej 1
7000 Fredericia
CVR No.: 41 20 12 07
Email: slm@hecoetal.com

What personal information do we collect, for what PURPOSE AND the legal basis for the processing

When you use our Services, we collect information about your use, such as the type of browser you use and its settings, the search terms you use, your IP address, including your network location, and information about the device you use. The information is collected [among other things] by using cookies or similar technologies.

The purpose is to:
1. create statistics to analyze how our users use our Services and optimize the user experience and features (optimization),
2. improve the security of our Services, including tracking any illegal activities and misuse of our Services.

The legal basis for the processing is your consent according to GDPR article 6, paragraph 1, letter a. Upon your first visit to our Service, you will be asked to decide to what extent you consent to our use of cookies and the resulting processing of personal information.

When you visit our Facebook page, please be aware that we use Facebook's analytics tool "Facebook Page Insights" to obtain statistics about visitors and to gain insights into users' behavior on our Facebook page, including the number of likes, who likes, the number of page views and interactions with the page, withdrawal of likes, and reach of posts, etc.

In this context, we and Facebook collect information jointly. When you visit our Facebook page, you will have access to information about this processing. You can find more information here: https://www.facebook.com/legal/terms/information_about_page_insights_data

We and Facebook have entered into an agreement on joint data control. You can read the agreement here: https://www.facebook.com/legal/terms/page_controller_addendum.

When you create a User Profile in Optius, you can either create it using your Facebook account, create it using your email and a password, or using Apple ID. If you create it using Facebook, you give us permission to collect and store your email; we do not have access to your password.

When creating an account you will also be asked to:
Provide your year of birth
Specify your gender
Specify your zip code
Specify household size
and specify your password

If you create it using Apple ID, we only receive a unique user ID; we do not receive your email.

To ensure that it is you who logs into your account, we use Firebase Authentication, which collects your IP address to protect against IT hacking attacks; "brute-force" attacks. This is to provide you and us with the highest level of security.

The purposes are:
- to create you as a user and provide our Service to you,
- to manage our agreement with you,
- to comply with legal requirements imposed on us.

The legal basis for the processing is GDPR article 6, paragraph 1, letter b, as the processing is necessary for us to fulfill our agreement with you. Processing of information that is necessary for us to comply with legal requirements is carried out pursuant to GDPR article 6, paragraph 1, letter c.

When you connect a "third-party service" in Optius, you will be asked to provide your login credentials for this third-party service (typically username and password). We always request the same information that is required by the third party to log in. Through your login, we collect payment information in the form of data from your digital receipts issued by the third party, including what you have purchased, when, and at what price, and generate a digital copy ("Receipt Information").

The purpose is:
- to retrieve information about your digital receipts from the third-party service in order to provide our Service to you. The services provided are dependent on the selected country; In some countries you will have access to more services and in other countries fewer services. The services provided are:
Home: Overview of your total consumption and associated features of your purchased items.
Groceries: Here you can delve into the details of your grocery consumption.
Chemical Check: See if your personal care products contain chemicals.
Recalls: Check if you have purchased recalled products.
E-Receipts: Collects all your receipts in one place (ONLY receipts issued by the third party).
Budget: Optius' "Budget" allows you to set a total budget and continuously provides an overview of your consumption compared to your budget across the third-party services you have added.

Depending on the third-party service or receipt solution you connect to, Heco et al may have the capability to perform actions on your account within those third-party services. This capability arises solely due to the connection and is not an intended or desired action by Heco et al. While there may be possibilities for accessing other features due to the technical solutions of these third-party services, these are beyond the scope of Heco et al's technical solution. We assure you that Heco et al's agreement with you is strictly limited to retrieving digital receipt information and supporting data to provide our Service to you, and does not extend to any other actions or features.

The legal basis for the processing is your consent according to GDPR article 6, paragraph 1, letter a, and the Act on Payments section 125, paragraph 2. When you connect third-party services to your user profile, we will explicitly ask for your consent to process your login credentials and your Receipt Information for the third-party services you choose to connect.

Other third-party services

In order to improve and optimize the Optius app, we use Google Firebase (Firebase (google.com)) and specifically these modules:
- Firebase Cloud Messaging – This is used for push notifications
- Firebase Crashlytics – Monitors app errors
- Firebase Dynamic Links – This is used in the case of using the "Invite friends/family" feature, which redirects the user to either the App Store or Play Store, depending on the user's operating system (iOS/Android)
- Firebase Remote Config
- Google Analytics for Firebase
To ensure that it is you who logs into your account, we use Firebase authentication, which collects your IP address to protect against IT hacking attacks; "brute-force" attacks. This is to provide you and us with the highest level of security.

When you contact Heco et al for support regarding your use of Optius, Heco et al may access the personal information we have registered about you through your user profile, including your email, names of the third-party services you have added to Optius, information about the features you use in Optius and the extent thereof, log of events such as when you have logged in, error messages, receipt information, etc.

The purpose is to:
- provide support and resolve any challenges you may experience in connection with your use of Optius.

The legal basis for the processing is GDPR article 6, paragraph 1, letters b and f, as we have a legitimate interest in responding to your inquiries and supporting your use of our services to the best of our ability.

Anonymous information about purchasing and consumption patterns, and profile information such as gender, year of birth, postal code, number of household members and year of birth of household members, aimed at assisting businesses in offering the right products to consumers, can be analyzed and provided for a fee and will be accessible to the researchers and universities we collaborate with. The information will never identify you and cannot be attributed to you or your household. We have a legitimate interest in anonymizing this data to conduct our business, and the legal basis for anonymization is GDPR Article 6, Paragraph 1, Letter f. We have conducted a balancing of our legitimate interests in compiling anonymized statistics and analyses of consumption patterns and your interests to ensure that your interests or fundamental rights and freedoms do not override our interests. If you would like more information about the balancing we have conducted, please reach out to us.

Recipients of Personal Information

As a general rule, the personal information collected by Heco et al is not disclosed to third parties.

However, disclosure of your personal information may occur to public authorities if we are obliged to do so by law or to the police in the event of suspicion of violations of the law or as part of an investigation into specific violations of the law.

Information may be transferred to our external partners who process the information on our behalf. We use external partners for hosting, technical operation of the Optius website and app, among other things. These companies act as data processors and subprocessors and are subject to our instructions, processing the information solely on our behalf. The processors and subprocessors may not use the information for any purpose other than fulfilling the agreement with us and are subject to confidentiality regarding this information. Data processing agreements have been entered into with all processors that meet the requirements of GDPR article 28.

The following subprocessors, Google and Auht0, are established in the USA. The necessary guarantees for transferring information to the USA are ensured through the subprocessor's certification under the EU-U.S. Privacy Shield, cf. GDPR article 45 and/or the European Commission's standard contractual clauses, cf. GDPR article 46.

[Copies of our subprocessors' certifications under the EU-U.S. Privacy Shield can be found here, listed by name: https://www.privacyshield.gov/list.]

Google Analytics

Optius uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses cookies, which are text files placed on your device, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States.

On websites where IP anonymization is enabled, your IP address will be truncated within the European Economic Area. Only in exceptional cases will the full IP address be transmitted to Google's server in the United States and truncated there. IP anonymization is enabled on this website.
Google will use this information on behalf of the website owner to evaluate your use of the website, compile reports on website activity, and provide other services related to website activity and internet usage.

Facebook Pixel

www.optius.app uses Facebook Pixel, which logs when a person performs an action on your website. The pixel receives these actions – or events, which we use to improve the user experience.

Your rights

In order to ensure transparency about the processing of your information, we, as the data controller, must inform you of your rights. If you wish to exercise your rights, you can contact us. You will find our contact information in section 2.

Right of access
You have the right to be informed, among other things, about the information we have recorded about you, the purpose of the registration, any categories of personal information and recipients of information that may exist, and information about the source of the information. You also have the right to receive a copy of this information.

Right to rectification
You have the right to have incorrect personal information about yourself corrected.
Information collected in connection with your user registration can be corrected by yourself via login to your user profile on Optius.

Right to erasure
1. In certain cases, you have the right to have all or some of your personal information deleted by us, for example, if you withdraw your consent and we do not have another legal basis for continuing the processing. To the extent that continued processing of your information is necessary, for example, for us to comply with our legal obligations or for the establishment, exercise, or defense of legal claims, we are not obliged to delete your personal information. Under "My profile" you can delete your user.

Right to restriction of processing for storage
1. In certain cases, you have the right to have the processing of your personal information restricted to only consist of storage. In that case, we may only process the information with your consent or for the establishment, exercise, or defense of legal claims.

Right to data portability
1. In certain cases, you have the right to receive the personal information that you have provided to us in a structured, commonly used, and machine-readable format and have the right to transmit this information to another data controller.

Right to object
You have the right to object at any time to our processing of your personal information for direct marketing purposes, including any profiling carried out for the purpose of direct marketing. You also have the right to object at any time, for reasons relating to your particular situation, to the processing of your personal information that is based on our legitimate interests.

Right to withdraw consent
You have the right to withdraw any consent you have given us for a particular processing of personal information. If you withdraw one or more of your consents, please note that you may be completely or partially unable to use the features of the Service.
You can withdraw your consent for the processing of Receipt Information in the app by deleting a specific store login, your profile in the Optius app (this will delete all store logins and other personally identifiable data associated with your user), or by contacting Heco et al using the contact information provided in section 2, and specifying which consent you wish to withdraw. You can also change your password with the third-party service.
Withdrawing your consent does not affect the legality of any processing that occurred prior to the withdrawal, based on the consent.

Right to lodge a complaint
If you wish to lodge a complaint about Heco et al's processing of your personal information, we would be happy to hear from you via our contact form.
You have the right to lodge a complaint with the Danish Data Protection Agency at any time if you are dissatisfied with the way we process your personal information. You can find a complaint form and contact information at www.datatilsynet.dk.

Deletion of personal information

1. Your personal information will be deleted when Heco et al no longer has a legitimate purpose for processing it.
2. Information collected about your use of the website using cookies and similar technologies, as described in section 5.1, will be deleted no later than one month after we receive your request.
3. Information collected in connection with your creation of a user profile and Receipt Information collected from the third-party services you choose to connect, as described in section 4.1, will be automatically deleted or alternatively anonymized if you delete your user profile.
4. However, information, in non-anonymized form, may be stored for up to 10 years if we have a legitimate need for longer storage, for example, if it is necessary for the establishment, exercise, or defense of legal claims, or if storage is necessary for us to comply with legal requirements.
5. Under "My profile" you can delete your user.

Security

We have implemented appropriate technical and organizational security measures to prevent personal information from being accidentally or unlawfully destroyed, lost, altered, or damaged, and to prevent unauthorized access or misuse.

Only employees or data processors who have a genuine need to access your personal information in order to perform their work have access to it. All of Heco et al's employees are subject to confidentiality.

Changes to the Privacy Policy

Heco et al reserves the right to make changes to this Privacy Policy without prior notice. Changes take effect upon publication of the policy on Heco et al's website and Services.

If we make changes to the Privacy Policy, you will be informed via the email address associated with your user profile or through push notifications in the Optius app.

Versions

This is version 8 of Heco et al's Privacy Policy dated July 18, 2024.