Privacy Policy

Last Updated: August 1, 2025

Introduction

At Gamma, we are committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR). This Privacy Policy outlines how we collect, use, store, and protect your personal data when you use our Loyalty Reward Platform, including both the Retailer and Client applications.

1. Data Controller and Data Processor

Retailers act as Data Controllers for any client-related personal data they collect and manage within the platform. Gamma acts as a Data Processor on behalf of Retailers and as a Data Controller for platform user data (e.g., login identifiers).

2. What Data We Collect

We collect only the minimum data necessary to provide our services:

Retailer Users:

  • Business registration information (e.g., company name, tax ID)
  • Account credentials (email, password)
  • Contact details (business phone number, optional email)

Client Users:

  • Phone number (mandatory)
  • Nickname (mandatory)
  • Optional: email (if used for notifications or account recovery)
  • Device fingerprint for authentication (stored only locally, never transmitted)

We do not collect or store biometric data (e.g., fingerprints, facial recognition).

3. How We Use Your Data

We use your data only to:

  • Create and manage user accounts
  • Facilitate reward transactions between clients and retailers
  • Monitor reward limits in compliance with EU rules
  • Provide technical and customer support
  • Improve our platform performance and user experience

We do not sell or share your personal data with third parties for marketing purposes.

4. Legal Basis for Processing

We rely on the following lawful bases to process your data:

  • Consent (e.g., when users agree to the terms and register)
  • Contract (e.g., providing services as agreed)
  • Legitimate Interest (e.g., to ensure service security and performance)

5. Data Storage and Security

We take security seriously and implement:

  • Encrypted transmission of all data
  • Role-based access control for internal systems
  • Data minimization and pseudonymization where applicable
  • Storage on GDPR-compliant servers located in the EU

Client biometric authentication is device-side only and never leaves the user’s device.

6. Data Retention

Retailer data is retained for the duration of the service agreement. If a user disables their account, their phone number and email (if any) are immediately and permanently deleted.

Client data is retained as long as the account is active. If a user disables their account, their phone number and email (if any) are immediately and permanently deleted.

7. Your Rights Under GDPR

You have the right to:

  • Access your personal data
  • Correct inaccurate or incomplete data
  • Delete your data (right to erasure)

To exercise any of these rights, contact us at: [email protected]

8. Data Sharing and Third Parties

We only share data with:

  • Public authorities when required by law

All processors are located in the EU or provide adequate safeguards under GDPR (e.g., Standard Contractual Clauses).

9. Cookies and Tracking Technologies

We use strictly necessary cookies to:

  • Authenticate users
  • Maintain session integrity

We do not use advertising or third-party tracking cookies.

10. Changes to This Privacy Policy

We may update this policy from time to time. Users will be notified of significant changes via the platform or email.

Contact Us

For questions or concerns about this policy, contact our Data Protection Officer (DPO):

Email: [email protected]

This Privacy Policy is made in compliance with Regulation (EU) 2016/679 (GDPR) and complements our Terms and Conditions.