Hi! Good on you for being the sort of person who reads privacy policies. You dropped this, champ :🥇
Our goal is to provide you with an amazing customer experience that also means that you can always trust us, maintaining a relationship of transparency and honesty.
Who we are
We are Vycto Ltd but usually we just use the name Vycto. You can always contact us via email: info@vycto.com
If you have any questions about data protection at Vycto, feel free to contact us at any time by sending an email to gdpr@vycto.com
As a data controller we are responsible to ensure that all our processing activities are in accordance with legal requirements but also that you may reasonably expect these activities (legitimate interest).
While visiting our website, registering, or participating in giveaways, you agree to our privacy policy.
Privacy is your right and you have the choice
As a customer you can choose which information you would like to share with us. However, this does not always require all the data which you can make available to us.
You can take the following steps to disclose less information about yourself:
Cookies: You can install additional add-ons in your browser that block unnecessary cookies. By doing so, you will not see any interest-based advertisements.
Advertising: If you do not want to receive newsletters from us, you can unsubscribe at any time. In this case, we will not be able to send you any “cool” offers and upcoming giveaways.
You can also make use of the following rights at any time:
Right to access
You have the right to be informed which data we store about you and how we process this data.
Right to rectification
If you notice that stored data is incorrect, you can always ask us to correct it.
Right to erasure
You can ask us at any time to delete the data we have stored about you.
Right to restriction of processing
If you do not wish to delete your data, but do not want us to process it further, you can ask us to restrict the processing of your personal data. In this case, we will archive your data and only reintegrate it into our operative systems if you so wish. However, during this time you will not be able to use our services, otherwise we will process your data again.
Right to data portability
You can ask us to transmit the data stored about you in a machine-readable format to you or to another responsible person.
Automated decision making
We also process your personal data in the context of algorithms in order to simplify our processes. Of course, you have the right not to be subject to decisions based solely on automated processing. If you believe that we have denied your access in an unjustified way, you can always contact us at gdpr@vycto.com . In this case, we will examine the case separately and decide on a case-by-case basis.
Right of complaint
If you believe that we have done something wrong with your personal data or your rights, you can complain to the appropriate supervisory authority at any time.
What data we process
In the following description of our processing activities, we refer in each case to categories of personal data. A category includes several personal data, which are usually processed together for the purposes. Personal data is information that can identify you or even make you identifiable. We generally process the following categories of personal data for the following reasons:
Contact Information:
Name, address, email address, your ID from social media (Instagram)
Reason:
If you contact us, we collect this data because we need to know who we are talking to i.e for cases such as winning a selected giveaway or wanting to collect feedback from you. This also applies to allow us to ensure you have followed the requirements of certain competitions i.e following sponsor business on social media.
Profile data (master data):
Name, email address, password, your ID from social media (Instagram)
Reason:
This data is your master data, which we absolutely need for our services. Without an email address, and a password, you cannot create a profile. Together with your name, this is your master data.
Competition information:
Dates, themes, and accolades (“My Medals”)
Reason:
This can allow Vyto to collect information on your past competition activity, and display this information in your profile (once the feature is introduced)*, giving users an overview of performance in previous competitions.
Account creation
When creating a customer account you will be asked to enter your master data. This is absolutely necessary, as we cannot create a customer profile without this data. Your email address and telephone number are particularly important, as we can use this information to identify you in our system the next time you want to log in again. Furthermore, we would like to ask you to choose your password carefully. Do not use the same password on multiple websites and follow our relevant password requirements.
Categories of personal data:
Profile data (master data)
WayLegal basis:
Art. 6 para. 1 (b) GDPR, performance of contract
Login
If you already have an existing customer account, you will need to enter your email address and password to log in. If we detect irregularities during registration, such as entering the wrong password several times, we will take appropriate measures to prevent damage to you and us.
Categories of personal data:
Profile data (master data)
Legal basis:
Art. 6 para. 1 (b) GDPR, fulfilment of contract for registration;
Art. 6 para. 1 (f) GDPR, for the security measures
Single-Sign-On with Facebook
If you have a Facebook profile, you can register on our website to create a customer account or to register using the social plugin "Facebook Connect" of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook"), within the framework of the so-called Single Sign On technology. You can recognize the social plugins of "Facebook Connect '' on our website by the white button with the Facebook logo and the inscription 'Connect with Facebook '' . If you call up a page of our website that contains such a plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted directly from Facebook to your browser and integrated into the page. Through this integration, Facebook receives the information that your browser has called up the corresponding page of our website, even if you do not have a Facebook profile or are not logged on to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there. These data processing operations are carried out in accordance with Art. 6 Para. 1 (f) GDPR on the basis of Facebook's legitimate interest in the display of personalised advertising on the basis of surfing behaviour.
By using this "Connect with Facebook" button on our website, you can also log in or register on our website using your Facebook user data. Only if you give your express consent in accordance with Art. 6 Para. 1 (a) GDPR prior to the registration process on the basis of a corresponding note on the exchange of data with Facebook, will we receive the general and publicly accessible information stored in your profile when using the Facebook "Facebook Connect" button on Facebook, depending on your personal data protection settings on Facebook. This information includes user ID, name, profile picture, age and gender.
We would like to point out that after changes have been made to Facebook's data protection conditions and terms of use, your profile pictures, may also be transferred if they have been marked as "public" in your Facebook privacy settings. The data transmitted by Facebook is stored and processed by us for the creation of a user account with the necessary data, if this has been released by you on Facebook (title, first name, surname, address data, country, e-mail address, date of birth). Conversely, we can transfer data (e.g., information on your surfing behaviour) to your Facebook profile because of your consent. The consent given can be revoked at any time by sending a message to us. Facebook Inc., headquartered in the USA, is certified for the US European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU.
Categories of personal data:
Profile data (master data)
Contact Information
Facebook profile information
Legal basis:
Art. 6 para. 1 (a) GDPR, Consent
Managing your profile
You can log in to your profile at any time and change your personal data, such as name, address, or telephone number. To change your email address you can contact us at vyctoapp@gmail.com
Categories of personal data:
Profile data
Communication data
Legal basis:
Art. 6 para. 1 (b) GDPR, performance of contract
Participation processing
Once you have successfully registered and decided to take part in a competition, we will store this information in your profile and process it in further processes so that we can ensure your competition submission has followed through. When you submit your “predictions”, your personal data is transferred to our backend where it is transferred to other systems for further processing.
Categories of personal data:
Contact Information
Submission Information
Legal basis:
Art. 6 para. 1 (b) GDPR, fulfilment of contract
Advertising and marketing
Direct marketing (Notifications of Results + Newsletters)
Newsletter
If you have provided us with your email address and consent to receive emails when signing up we reserve the right to send you “cool” offers, upcoming giveaways, and notification about the release of results of competitions you’ve entered in. The contents of our newsletters vary, and so do the technologies and criteria we use to design our newsletters and segment customer groups. For example, a group of customers may receive a special newsletter promoting upcoming new competitions. Other newsletters may refer to information specific to competitions users have entered in.
If automated decision making leads to a negative result for you and you do not agree with this, you can contact us at gdpr@vycto.com. In this case, we will individually assess the circumstances of your case.
Categories of personal data:
Contact Information
Legal basis:
Data processing in this respect takes place solely on the basis of our legitimate interest in personalised direct advertising pursuant to Art. 6 Para. 1 lit. f GDPR. If you have initially objected to the use of your email address for this purpose, we will not send you an email. You are entitled to object to the use of your email address for the aforementioned advertising purposes at any time with effect for the future by notifying the person responsible named at the beginning. For this purpose you only incur transmission costs according to the basic tariffs. Upon receipt of your objection, the use of your email address for advertising purposes will be discontinued immediately.
NPS
We are constantly striving to improve our services. Your constructive feedback is very important to us. Therefore, we will occasionally send you customer surveys and ask you to give us your opinion. If you do not wish to receive customer surveys, you can unsubscribe at any time. For any customer survey request you can click "unsubscribe" below and we will not contact you again.
Categories of personal data:
Communication data
Legal basis:
Art. 6 para. 1 (f) GDPR, legitimate interest.
Our legitimate interest is the purpose described above.
COOKIES 🍪
We use cookies on our Site and in the Services to distinguish you from other users of our Site and Services. This helps us to provide you with a good experience when you browse our Site and also allows us to improve the Site and Services. Full details of the cookies we use are set out in our Cookie Policy.
DO NOT TRACK
We support Do Not Track (“DNT”). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the “Preferences” or “Settings” page of your web browser.
Legal basis:
If processing takes place with your consent, the legal basis is Art. 6 Para. 1 (a) GDPR, namely your consent. Otherwise, the processing is based on our legitimate interest pursuant to Art. 6 para. 1 (f) GDPR. Our legitimate interest lies in the aforementioned purpose.
User Experience Surveys:
We always develop new features and try to adapt our services to the wishes of our customers. In order to measure the effectiveness of these changes, we regularly offer interviews with our User Experience team. In these interviews we record your usage behavior and ask you for possible optimization possibilities. Participation in the interviews requires your consent. If you have already given your consent and would like to revoke it for the future, you can do so at any time by sending an email to gdpr@vycto.com. In this case we will exclude you from participating in our interviews and you will not receive any further invitations for them.
Categories of personal data:
Contact Information
Legal basis:
Art. 6 Para. 1 (a) GDPR, Consent
Fraud prevention and security of our platform
In order to protect our customers and our platform from possible attacks, we continuously monitor the activities on our website. To this end, we use various technical measures to ensure that suspicious behavior patterns are detected at an early stage and prevented in good time. To achieve this goal, several monitoring mechanisms run in parallel and prevent potential attackers from accessing our website at all.
The decision-making process is automated and can have a legal effect on the person concerned or affect them in a similar way. If automated decision making leads to a negative result for you and you do not agree with this, you can contact us at gdpr@vycto.com. In this case, we will individually assess the circumstances of your case.
Categories of personal data:
Contact information
Profile data (master data)
Legal basis:
Art. 6 Para. 1 (f) GDPR, Legitimate Interest
Merger & acquisitions, change of ownership
We would also like to inform you that in the event of a merger with or acquisition by another company, we will disclose information to that company. Of course, we will require the company to comply with the legal data protection regulations.
Categories of personal data:
Contact Information
Profile data (master data)
Past Competition Information
Legal basis:
Art. 6 para. 1 (f) GDPR, legitimate interest
Our legitimate interest is the purpose described above.
Coupons/Vouchers/Rewards
We often offer coupons and gifts to our users. The reasons can vary. The purpose of these coupons and gifts is to reward our loyal customers for specific performances in competitions and encourage them to continue to be loyal customers. In some cases, the “sponsors” on our platform might also want to offer a gift to you. To be able to check the number, the value and the frequency of use of the coupons/vouchers, but also to avoid misuse of these vouchers, we collect various personal data.
Categories of personal data:
Profile data (master data)
Voucher information
Legal basis:
Art. 6 para. 1 (f) GDPR, legitimate interest
Our legitimate interest is the purpose described above.
Service providers
We use different data processors in our daily processing. These process your personal data in accordance with the requirements of Art. 28 GDPR only according to our instructions and have no claims whatsoever on these data. We also monitor our processors and include only those who meet our high standards. Because we use different data processors and change them from time to time, it is not appropriate to identify specific recipients of personal information. However, if you are interested, we will be happy to disclose the name of the processor(s) in use at that time upon request.
Third parties
In addition to data processors, we also work with third parties, to whom we also transmit your personal data, but who are not bound by our instructions. These are, for example, our consultants, lawyers or tax consultants who receive your data from us on the basis of a contract and process your personal data for legal reasons or to protect our own interests. We do not sell or rent your personal data to third parties under any circumstances. This will never take place without your explicit consent.
Prosecuting authorities and legal proceedings
Unfortunately, it can happen that a few of our customers and service providers do not behave fairly and want to harm us. In these cases, we are not only obliged to hand over personal data due to legal obligations, it is also in our interest to prevent damage and to enforce our claims and to reject unjustified claims.
Social Media Fanpages
We have profiles on various social media platforms on which we advertise our products and interact with customers. Since we operate these profiles on third-party platforms, each time you visit these social media channels the operators collect different personal data from you.
Responsibilities
We and the respective operators of the social media platforms act as joint controllers. Where two or more controllers jointly determine the purposes and means of processing, they shall be joint controllers.
The social media platforms Facebook and Instagram are operated by Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland.
We are responsible for all interactions on our own platforms. The operators of the social media platforms themselves are data controllers for general interactions and interactions outside our profiles. An exception applies to the data processing described below for the usage analysis (page insights); we are jointly responsible with Facebook for this.
The following links will show you exactly which data is collected by the respective social media operators:
Data processing
For pages, Facebook provides page administrators with statistics and insights that help them understand the types of actions people take on their pages ("Page Insights"). When you visit or interact with a Page or its content, information such as the following may be collected and used to create Page Insights:
Viewing a Page, or a post or video from a Page
â—Ź Following or unfollowing a Page
â—Ź Liking or unliking a Page or post
â—Ź Recommending a Page in a post or comment
â—Ź Commenting on, sharing or reacting to a Page post (including the type of reaction)
â—Ź Hiding a Page's post or reporting it as spam
â—Ź Clicking a link to a Page from another Page on Facebook or from a website off Facebook
â—Ź Hovering over a Page's name or profile picture to see a preview of the Page's content
â—Ź Clicking on the website, phone number, Get Directions button or other button on a Page
â—Ź Whether you're on a computer or mobile device while visiting or interacting with a Page or its content
We and Facebook are jointly responsible for the processing of your data for the provision of page insights. For this purpose, we and Facebook have agreed in an agreement which and a division of our data protection obligations according to Art. 26 GDPR shall be agreed.
Your data subject rights
For all data processing on this website, we are solely responsible for processing your data in accordance with data protection regulations. As part of our agreement with Facebook, we have determined that Facebook is primarily responsible for fulfilling its information obligations in connection with the Page Insight data and for ensuring that you exercise your rights under the GDPR. For more information about your data subject rights on Facebook, please see Facebook's Page-Inside Privacy Policy.
Data processing outside the EU
We process your data mainly within the European Union (EU) and the European Economic Area (EEA). However, some of our service providers mentioned above are based outside the EU and the EEA. The GDPR has high requirements for the transfer of personal data to third countries. All our data receivers have to measure up to these requirements. Before we transfer your data to a service provider in third countries, every service provider is first assessed with regard to its data protection level. Only if they can demonstrate an adequate level of data protection will they be shortlisted for service providers.
Regardless of whether our service providers are located within the EU/EEA or in third countries, each service provider must sign a data processing agreement with us. Service providers outside the EU/EEA must meet additional requirements. According to Art. 44 ff. GDPR personal data may be transferred to service providers that meet at least one of the following requirements:
a. Commission has decided that the third country ensures an adequate level of protection (e.g. Canada): adequacy decision
b. Standard data protection clauses adopted: These are contractual clauses which cannot be modified by the contracting parties and in which they undertake to ensure an adequate level of data protection.
c. Qualification for an Exemption by the EU Commission
Right of modification
We reserve the right to change this data protection declaration in compliance with the statutory provisions. We will inform you of any significant changes, such as changes of purpose or new purposes of processing.
Last update: November 2022