Privacy Notice for Ostras Descuentos

Last updated: 9th of October, 2025

Thank you for trusting Ostras Descuentos (hereinafter, “Ostras”, “we,” “us,” and “our”). We are committed to protecting your privacy and complying with the General Data Protection Regulation (“GDPR”). This Privacy Notice explains how your personal data is collected, used, shared, and protected when you access or use our Website or mobile application (“App”) called “Ostras Descuentos.”

1. Controller

The data controller responsible for your personal data is:

Ostras OÜ
Registered Office: Harju maakond, Tallinn, Kesklinna linnaosa, Ahtri tn 12, 15551 (Estonia)
Email: info@ostrasdescuentos.com.

 

2. Purposes of Processing, Legal Basis, and Categories of Personal Data

We process your personal data only as permitted by law, including:

Purpose of Processing
Legal Basis
Personal Data Collected

Creating and managing users’ accounts: this includes establishing your user profile, issuing secure login credentials, updating account details, providing technical support, and resolving account-related issues to ensure smooth operation of the App.

Performance of the Terms and Conditions.

  • Information you provide during account creation: name, email address and password, and zip code of your residence (“Account Information”).

Validate information about Product purchases to be able to assign points and provide rewards: this includes checking the scans of payment receipts and photos of the Products, including their labels.

Performance of the Terms and Conditions.

  • Account Information.
  • Information on the payment receipts, such as the name of the store you visited, the date, the amount you paid, the Products you bought, and the payment means (e.g., cash or card, and, in the latter case, the payment receipt may show the last four digits of your card) (“Product-Related Information”).

Send promotional communications by email or [or in-app push notifications]: these include communications about promotions in shops near you or new features of our App.

Consent.

(You may withdraw your consent at any time by contacting us or using the unsubscribe link in our emails.)

  • Name.
  • Email address.
  • Product-Related Information.

Show personalized promotions of Products in the App: this includes promotions at shops you visited and/or Products you previously purchased.

Consent.

(You may withdraw your consent at any time by contacting us or using the unsubscribe link in our emails.)

  • Account Information.
  • Product-Related Information.

Market analysis & understand trends: we use information provided through our App to analyse where you shop and what Products you buy near expiration, allowing us to create anonymous reports to understand market trends that are shared with Product manufacturers, retailers, and other industry stakeholders for purposes like optimizing inventory management, enhancing marketing strategies, and improving product offerings.

Our legitimate interest in anonymizing the personal data for the purposes listed in the left-side column.

(You may object to us processing your personal data for this purpose.)

  • Account Information.
  • Other information you provide during account creation: gender and age.
  • Product-Related Information.
  • Information about how you use our App, for example, how many times you access it and whether you interact with any Product promotions.

Improve quality of our Services and develop new products/services: carefully analyse user interactions, preferences, and feedback

Legitimate interest in promoting the usage of the App and acquiring new users.

(You may object to us processing your personal data for this purpose.)

  • Any of the abovementioned information.
  • Any feedback we receive.

Comply with legal obligations

Legal obligation, including keeping a record of your consent in accordance with the GDPR and replying to requests by public authorities.

Potentially any of the abovementioned information.

3. Data Sources

We collect your personal data:

  • directly from you (e.g., when you create an account or upload information about the Products you purchased); and
  • automatically (e.g., through cookies or similar technologies—see our cookie policy for details)

4. Processing of Data in CPL (Cost Per Lead) Campaigns

4.1 What are CPL campaigns and how do we collect data?

In certain advertising campaigns (CPL), we provide lead generation forms on platforms such as Meta (Facebook/Instagram) or other advertising services. Users voluntarily provide personal information when completing and submitting these forms.

4.2 Principles Applicable to Data Processing

We process your data in accordance with the following legal principles:

  • Lawfulness, fairness, and transparency – your data is processed in a lawful and transparent manner.

  • Purpose limitation – data is collected for specified, explicit, and legitimate purposes only.

  • Data minimization – we only collect data that is adequate, relevant, and necessary for the intended purposes.

  • Accuracy – we take reasonable steps to ensure that personal data is accurate and kept up to date.

  • Storage limitation – personal data is retained only for as long as necessary to fulfill its purpose or comply with legal obligations.

  • Integrity and confidentiality – we ensure the security of your data, protecting it against unauthorized access, loss, or damage.

  • Accountability (proactive responsibility) – we are responsible for, and able to demonstrate, compliance with these principles at all times.

4.3 Purpose of processing

We use the data for the following purposes:

  • To manage the delivery of information, services, or products requested by you.

  • To send commercial communications, promotions, newsletters, updates, and offers, provided that you have given your consent.

  • To carry out internal statistics and analysis for the improvement of our website, products, or services.

  • To manage any commercial or contractual relationship that may arise.

  • To comply with the legal obligations applicable to us.

4.4 Legal basis for processing

The legal basis for processing your data is as follows:

  • Your explicit consent, given by ticking the corresponding checkbox on our forms or by voluntarily submitting your information through our lead generation forms on advertising platforms.

  • The performance of a contract or pre-contractual measures, when the processing of your data is necessary to manage a request, order, or service you have initiated with us.

  • Compliance with legal obligations, where data processing is required to fulfill applicable laws, regulations, or lawful requests from competent authorities.

  • Our legitimate interest, when processing is necessary to improve our services, manage marketing activities lawfully permitted under current regulations, or ensure the proper operation and security of our website and advertising platforms.

4.5 Data collected

Depending on how you interact with us, we may collect the following information:

  • First and last name

  • Email address

  • Phone number

  • Postal code

  • IP address

  • Technical data related to your device and browsing activity (such as browser type, operating system, pages visited, time spent on each page)

  • Any other information you voluntarily choose to provide us

4.6 Disclosure to third parties / data processors

Data will not be shared with third parties except with data processors strictly necessary for the management of the campaign (e.g., advertising platforms or lead management systems).
These processors are bound by contractual clauses ensuring confidentiality, data security, and compliance with the GDPR.

4.6 User rights

Users may exercise at any time the rights granted by data protection regulations:

  • access

  • rectification

  • erasure

  • objection

  • restriction of processing

  • data portability

  • withdrawal of consent

To exercise these rights, users may contact us at: info@ostrasdescuentos.com 

4.8 Data Retention Period

We will retain your data:

 

  • For as long as a commercial relationship exists or until you withdraw your consent.

  • For the period required by applicable regulations to address potential legal responsibilities.

  • For anonymized statistical purposes, data may be kept for a longer period in an aggregated and non-identifiable form.

4.9 Changes to this section

We reserve the right to modify this section to adapt it to regulatory changes or new functionalities. When substantial changes are made, we will communicate them appropriately.

5. Sharing Your Personal Data

Your information may be shared only where necessary with:

  • service providers: for hosting, analytics, email delivery, customer support, and marketing assistance, we impose contractual obligations on these service providers to ensure the protection of your personal data;
  • legal and regulatory authorities: to comply with laws, regulations, or legal requests;
  • business transfers: in connection with mergers, acquisitions, reorganizations, asset sales, joint ventures, insolvency proceedings, or any other corporate restructuring, your personal data may be transferred to successors, affiliates, or third parties involved, subject to applicable legal and contractual obligations to protect your personal data; and
  • with your consent: where you explicitly allow it.

6. International Data Transfers

Your data may be transferred outside the European Economic Area in accordance with data protection laws. We rely on:

  • adequacy decisions: transfers are made to countries deemed to provide adequate protection by the European Commission; and
  • appropriate safeguards: for other countries, we ensure appropriate safeguards (such as European Commission-approved Standard Contractual Clauses) are in place.

You may request a copy of these safeguards by emailing info@ostrasdescuentos.com.

7. Your Rights Under GDPR

You have the following rights concerning your personal data:

  • right to access: that we provide you with information about how we process your personal data and a copy of your personal data;
  • right to rectification: that we correct inaccurate, outdated, or incomplete personal data;
  • right to erasure: that we delete your personal data in certain circumstances;
  • right to restriction: that we suspend the processing of your personal data for certain purposes and in certain circumstances;
  • right to object: that we stop processing of your personal data for our legitimate interests, including for sending you direct marketing;
  • right to data portability: that we provide you with the personal data you provided to us in a structured, commonly used, machine-readable format, or transfer it to a third party;
  • right to withdraw consent: where processing is based on your consent, you may withdraw that consent at any time with effects to the future; and
  • right to lodge a complaint: with a data protection authority, such as the Spanish data protection authority (Agencia Española de Protección de Datos).

To exercise your rights, email us at info@ostrasdescuentos.com.

8. Data Retention

We only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, or as required by law. More specifically:

  • we delete accounts (and the information associated with them) that have been inactive for more than 12 months; and
  • we render anonymous the information you uploaded to the App about the Products you purchased (e.g., scans of payment receipts, photos of labels and Products, and the shops you visited) after 12 months.

9. Contact Us

If you have any questions or concerns about how we use your data, please contact:

Ostras OÜ by email at: info@ostrasdescuentos.com

Click to earn rewards