Privacy Policy for the “Limited” App
Valora Schweiz AG (hereinafter “Valora” or “we”) takes the protection of personal information very seriously. By means of this Privacy Policy, we wish to inform you how your personal data is processed in connection with your use of the Limited Web App (“App”). The App is a browser-based Valora application provided in the form of a Progressive Web App (PWA) that enables registered users to secure exclusive offers (“Deals”) limited in time and quantity and redeem them at participating points of sale using QR codes. In doing so, we comply with the requirements of the Swiss Data Protection Act and the General Data Protection Regulation (EU).
1. Data Controller and Data Protection Officer
The Data Controller for the processing of your personal information in connection with this App is Valora Schweiz AG, Hofackerstrasse 40, CH-4132 Muttenz. Our company Data Protection Officer can be reached by sending an email to dataprivacy@valora.com or a letter to our mailing address (please add “Attn: Data Protection Officer”).
2. Types of data, purposes, and legal basis
Valora uses the data that you share in connection with the Limited Web App to ensure that the App runs properly, to process Deals and coupons, and to comply with the legal requirements for the protection of minors. Further details are provided in this chapter:
2.1 Data processing during registration
In the course of registration, we process your contact and login data, i.e. your valid mobile telephone number (including verification by SMS or telephone call) as well as your email address. We also record your age using a “soft age gate”, i.e. your confirmation that you are of legal age or your date of birth – if you have provided it. This enables us to restrict the display of nicotine and alcohol products to users in the appropriate age groups. Such data processing is performed to fulfil the Terms of Use (particularly for access to the App, account management and communications with you), to comply with legal requirements for the protection of minors, and on the basis of our legitimate interest in the security of the App and prevention of misuse.
2.2 Age verification for tobacco and alcohol deals (18+)
To redeem tobacco and alcohol deals, a prior age check is required. It is carried out by an external, specialised service provider and may entail the examination of an identification document as well as temporary access to your device’s camera. The actual verification (including the document type, country of issue, and further test criteria) is performed at the external service provider’s. Valora receives neither the identification document itself nor an image of it, but merely the outcome of the verification (e.g. “age verification passed” or “failed”) as well as a technical time-stamp, as evidence that an age check was performed. In certain cases, such as technical malfunctions or complaints, Valora may inspect the individual verification requests in order to clarify the cause of a fault. Such inspection is performed exclusively for support and evidentiary purposes. This data processing is used to comply with the legal requirements for the protection of minors (particularly in connection with tobacco and alcohol), the prevention of unauthorised redemptions, and protection against misuse. The underlying legal bases are statutory obligations (protection of minors), fulfilment of the Terms of Use, as well our legitimate interests in ensuring a lawful offer free from misuse.
2.3 Deals, Coupons & Redemption
Whenever you secure or redeem a Deal, we record the time of securing and redeeming it, the related product and format information (e.g. which product, which point-of-sale format, such as “k kiosk” or “avec”) as well as the relevant coupon data (particularly the QR code and validity period). Such information is assigned to your user account or to your user ID. This data is processed for the purposes of arranging the deals, preventing multiple use or fraud, and optimising our service offer. The underlying legal bases are the existing Terms of Use between you and us as well as our legitimate interest in secure and efficient execution of the Deals.
2.4 Analytical data on usage of the App
We analyse data regarding your usage of the App, such as which product categories you access, as well as your usage data and interactions related to Deals and visit times. These evaluations help to improve the technical performance and content of the App, to design our Deals in a more user-friendly manner, and to increase the relevance of the displayed content. Where possible, the analyses are carried out in pseudonymised or anonymised form. The underlying legal basis of such data processing corresponds to our legitimate interests in developing and optimising the App.
2.5 Direct advertising & in app notices
We may use banners or similar elements within the App in order to display attractive offers and other information relevant to you. The display of such in-app notices is based on our legitimate interests in tailoring our offer to users and providing you with relevant Deals and information.
If you enable push notifications, we will also process your device’s terminal’s technical identifier so that we can route the appropriate notifications to you. You can enable or disable push notifications when configuring the App and change your decision at any time in the device settings. Push notifications will not be displayed without your consent.
Our advertising partners are liable for their own content and deals. Valora assumes no liability for such content and deals.
3. Automated decision-making and Profiling
The App adjusts certain content based on the information you have provided (e.g. your interests) as well as your age category, in order to display deals that are relevant to you. This adjustment is based exclusively on the settings you have selected yourself and does not constitute profiling within the meaning of the Federal Act on Data Protection. No automated decision-making takes place.
4. Sharing of personal information
4.1 Within the Valora Group
To the extent necessary for making this App available or for Valora’s other legitimate interests, Valora may share your data with other members of the Valora corporate group.
4.2 Service Providers
Valora may transfer certain tasks and data to third parties commissioned by it (“Service Providers”) in order to ensure proper operation, maintenance and the various functionalities of this App. These include, in particular, an external provider to perform age verification, an SMS gateway provider to verify the mobile telephone number you provided, and hosting and cloud providers that ensure the technical operation of the Progressive Web App (PWA) and the secure storage of the data.
The Service Providers are data processors commissioned by Valora and contractually bound to the purposes of processing described hereunder. In particular, they are permitted to process your data only in the performance of their contractual duties to Valora and applicable statutory obligations. If we are involved in a merger, joint venture, corporate acquisition or sale, or a sale of assets, we may disclose your data to a transaction partner for further processing. No further disclosure of your personal data to other recipients shall be made unless prescribed by law, necessary for the enforcement of Valora’s rights or claims, or expressly authorised by you.
4.3 Disclosure in connection with criminal proceedings
To the extent permitted by law, we may disclose information that is necessary or beneficial to investigate or prevent an actual or suspected criminal offense or other violation of our or a third party’s rights.
4.4 Aggregated and anonymised analytical data:
Valora may publicly disclose (aggregated) and non-personal (anonymised) data or share such data with further partners. For example, Valora may potentially publish such information in order to highlight trends in customer behaviour. In such cases, you will no longer be personally identifiable from such data.
5. Place of processing and transmission to third countries
Your data will be processed in Switzerland and in member states of the European Union. In order to store your data securely in our customer database, we use a Cloud service provider that provides data processing centres in Europe. Moreover, we are entitled to communicate your personal data to third-party companies abroad, especially subsidiaries, to the extent necessary for processing purposes. In so doing, we shall of course comply with the statutory provisions governing the disclosure of personal data to third parties. Such third parties shall be bound to data protection to the same extent as we are. If the standard of data protection in a country is not equivalent to that of Switzerland, we shall enter into a contract ensuring that the protection of your personal data will be equivalent to that in Switzerland at all times. To that purpose, we will either enter into the recognized standard contractual clauses (including their Swiss annex) with the recipient or the recipient must be able to demonstrate that it is self-certified under the Data Privacy Framework (EU-US/CH-US).
6. Storage period of your personal information
All of your stored personal information will be stored by Valora (and/or by related entities or third-party service providers commissioned by Valora) only so long as necessary for use of the App or so long as permitted or required by law.
User accounts will be deleted unasked after two years of inactivity.
- Registration data: Such data is used for the duration of the user account.
- Analytical data: Upon deletion of the user account, personal analytical data is deleted, as well.
- Age verification data: The outcome of the age check (e.g. confirmation of “over 18”) will be stored until the user account is deleted. The actual verification will be performed by an external service provider, which will delete the documents and image data used for verification shortly thereafter (as a rule, within a few days after completion of the verification).
However, aggregated or anonymised data that no longer identifies individual users may continue to be used for internal purposes.
7. Your rights related to your personal information
- Revocation of consent: In the case of data processing operations to which you have granted consent, you are entitled to revoke such consent at any time. You can adjust your personal settings directly in the App. Since you can consent to a variety of functionalities, in case of a revocation of your consent, only the function for which you revoked your consent will be disabled or limited.
- Objections: You may object at any time to data processing operations that we perform based on our legitimate interests, as well as processing for the purpose of direct marketing.
- Right to information and right to transfer: You are also entitled to find out from us which of your personal information we process to what purposes and on what legal grounds, and to request a free copy of your personal information. At your request, we can forward the copy to a third-party data controller, if technically feasible and not unreasonably costly.
- Right to rectification: If your personal information is incomplete or incorrect, you have the right to demand rectification thereof. You can rectify some of the information yourself in the App’s Customer Centre.
- Right to erasure: You are entitled to have your personal data erased under certain circumstances. In certain cases, the right to erasure may be excluded. You are entitled at any time to erase your customer account and the related data by yourself. The permanent erasure of the customer account will take place 30 days after you have requested deletion. We need that period to verify the lawfulness of your request for erasure and to prevent fraud. Please note that uninstalling the App will not automatically erase your customer account and that your information will remain intact in case you decide to reinstall the App later on. If your account is blocked by reason of a breach of the terms of the loyalty program, certain data may remain stored for a period of two years for the purpose of fraud prevention before it is permanently erased. In certain cases, your right to erasure may therefore be restricted in such situations.
- Right to restriction: You may demand restrictions on the processing of your personal information.
8. Exercising your Rights & Contacting the Data Protection Officer
If you wish to exercise your above-described rights or have other questions about the processing of your personal information, please contact our company Data Protection Officer by sending an e-mail to dataprivacy@valora.com or a letter to our mailing address, adding the words “Attn: Data Protection Officer”. To enable our Data Protection Officer to classify your query as quickly as possible, it is best to add “Limited App” in the subject line of your message.
9. Right to lodge a complaint
If you believe that your data is not processed lawfully or that your rights were not adequately protected, you may complain to the competent supervisory authority.
10. Cookies and Analytics Tools
The Limited App is a Progressive Web App (PWA) and is generally operated without marketing cookies. For core functions, local storage technologies (e.g. local storage) may be used. If analytical or marketing cookies are used in future, we will inform you in advance and offer you choices.
11. Updates to this Privacy Policy
Please note that this Privacy Policy is subject to change at any time without prior notice. Please check this App Data Protection Policy for changes on a regular basis. We label changes with an additional label such as “new” or “update”. All changes will enter into effect immediately upon publication of the revised App-Data Protection Policy in this App.
Last updated: November 2025