โ† Back to Homepage

Privacy Policy

(As of: September 2025)

We place great importance on protecting your personal data. The processing of your data is carried out exclusively on the basis of legal provisions (GDPR, TKG 2021). Below we inform you about the most important aspects of data processing in the context of our website, mobile app, and operator dashboard.

1. Responsible Party

MapMyVend
Owner: Tobias Domanig
Address: Zelsach 7, 9852 Trebesing, Austria
Email: office@mapmyvend.com

Phone: +43 660 6471808

2. Data Collection on Our Website

2.1 Server Log Files

The following data is automatically collected with each access to our website:

  • IP address
  • Date and time of access
  • Name of the requested file
  • Browser type and version
  • User's operating system
  • Referrer URL

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in the secure and stable provision of the website).
Storage duration: 14 days, then automatic deletion.

2.2 Cookies

Our website uses cookies:

  • Necessary cookies (for login, session, security)
  • Analytics cookies (Google Analytics)

Legal basis: Art. 6 para. 1 lit. a GDPR (consent via cookie banner).
Storage duration: max. 26 months or until revocation.

2.3 Web Analytics with Google Analytics

We use Google Analytics (Google LLC, USA).

Data: shortened IP address, usage behavior, session data
Transfer to the USA: based on the EU-US Data Privacy Framework (Google is certified)
Storage duration: 26 months
Legal basis: Art. 6 para. 1 lit. a GDPR (consent).
Further information can be found in Google's privacy policy: ๐Ÿ‘‰ https://policies.google.com/privacy

3. Payment Processing (Stripe)

For payment processing, we use Stripe Payments Europe Ltd., Ireland.

Data: Name, billing address, email, credit card data, bank account, IP address, transaction data
Transfer to the USA: based on the EU-US Data Privacy Framework
Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance), Art. 6 para. 1 lit. f GDPR (legitimate interest in secure processing)
Further info: ๐Ÿ‘‰ https://stripe.com/privacy

4. Use of Our Mobile App

4.1 Processed Data

  • Location data (GPS, if released by the user)
  • Search queries & favorites
  • Account data (name, email, password hash)
  • Ratings & feedback

4.2 Purposes

  • Location-based display of vending machines/sales points
  • Personalized favorites & navigation functions
  • Abuse prevention & security

4.3 Legal Bases

  • Contract performance (Art. 6 para. 1 lit. b GDPR)
  • Consent (Art. 6 para. 1 lit. a GDPR โ€“ location, push notifications)
  • Legitimate interest (Art. 6 para. 1 lit. f GDPR โ€“ IT security)

4.4 Storage Duration

  • Location data: only temporary, no permanent storage
  • Account data: as long as account exists + 7 years after contract end (tax law obligations)
  • Ratings: until account deletion or revocation

5. Use of the Operator Dashboard

5.1 Processed Data

  • Account data (name, email, login data, company name)
  • Contract and billing data (Stripe)
  • Registered vending machine locations, statistics, administrative data
  • Support requests

5.2 Legal Bases

  • Contract performance (Art. 6 para. 1 lit. b GDPR)
  • Legal obligation (Art. 6 para. 1 lit. c GDPR โ€“ tax retention)
  • Legitimate interest (Art. 6 para. 1 lit. f GDPR โ€“ platform security, support)

5.3 Storage Duration

  • Contract & payment data: 7 years (ยง 132 BAO, ยง 212 UGB)
  • Log & activity data: 12 months

6. Hosting & Infrastructure

Our systems are operated by the following service providers:

  • Hetzner Online GmbH (Germany) โ€“ Hosting & Storage
  • Amazon Web Services (AWS) RDS, Ireland โ€“ Database

Data processing agreements (DPA) according to Art. 28 GDPR exist with both providers.

7. Your Rights

You have the right to:

  • Information (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection (Art. 21 GDPR)
  • Withdrawal of given consents (Art. 7 GDPR)

Complaints can be directed to us or to the Austrian Data Protection Authority (www.dsb.gv.at).

8. Data Security

We implement technical and organizational measures (TLS encryption, access restrictions, backups, logging) to protect your data from loss, misuse, or unauthorized access.

9. Updates

This privacy policy is regularly reviewed and adjusted. The current version is available on our website.

Privacy and Cookies

We use cookies and similar technologies to enhance your experience on our website. Some are necessary for functionality, others help us optimize the website. You can withdraw your consent at any time. For more information, please see our privacy policy.