Data Controller
DrinkLink is the data controller for personal data collected through this App.
Contact: drinklink.official@gmail.com
This Privacy Policy explains what data we collect, why we collect it, and your rights. It applies to all users of the DrinkLink mobile application and website.
1. Data We Collect
We collect the following categories of data:
- Account data: email address, account type (brewery / winery / distillery / innkeeper), registration timestamp
- Business data: company name, address, city, country, phone number, contact email, product listings, order history
- Location data: GPS coordinates (latitude/longitude) collected during asset scanning, driver QR verification, and distance calculations
- Device data: device model, Android version, unique device identifier (Android ID) used for audit trails and scan tracking
- Push notification tokens: Firebase Cloud Messaging (FCM) tokens for sending order and business notifications
- Usage data: scan history, user interactions, session data, app performance metrics
- Images: company banner photos and product images uploaded by users
2. How We Use Your Data
We process your data for the following purposes and on the following legal bases:
- To provide and operate the App (contract performance)
- To manage orders and business communications between producers and hospitality businesses (contract performance)
- To verify driver identity via QR sessions (legitimate interest — security)
- To show distance to nearby companies using GPS (legitimate interest — app functionality)
- To send push notifications about orders and app activity (legitimate interest — service communication)
- To track asset movements via device ID (legitimate interest — audit and accountability)
- To improve app performance and fix bugs (legitimate interest — service improvement)
- To comply with legal obligations (legal obligation)
3. Data Sharing and Third Parties
We share your data only with the following third-party processors:
| Processor | Purpose | Location |
|---|---|---|
| Google Firebase (Firestore, Auth, Storage, FCM, Analytics, Cloud Functions) | All data storage, authentication, push notifications, and backend processing | USA / EU |
| Google Places API | Address autocomplete functionality | USA / EU |
We do not sell your personal data. We do not share your data with third parties for marketing purposes. Business data (company names, product listings) may be visible to other registered business users of the platform as part of normal App functionality.
4. International Data Transfers
Your data is stored and processed on Google Firebase servers, which may be located outside Serbia and the EU/EEA, including in the United States. Google LLC participates in data transfer frameworks and provides appropriate safeguards (Standard Contractual Clauses) as required by applicable data protection law.
5. Data Retention
We retain your data for as long as your account is active. Specific retention periods:
- Account and business data: retained while your account is active, deleted within 90 days of account closure
- Order history: retained for 3 years for business record-keeping purposes
- Location data: not stored permanently — used only during active operations and not retained after the session ends
- Driver QR sessions: automatically expire based on the validity period set when created
- Push notification tokens: retained while your account is active
- Device identifiers: retained for the duration of the account for audit trail purposes
6. Your Rights
Under applicable data protection law, you have the following rights:
- Right of access — request a copy of your personal data
- Right to rectification — request correction of inaccurate data
- Right to erasure — request deletion of your personal data
- Right to restriction — request that we limit how we use your data
- Right to data portability — receive your data in a machine-readable format
- Right to object — object to processing based on legitimate interest
To exercise any of these rights, contact us at drinklink.official@gmail.com. We will respond within 30 days.
www.poverenik.rs
7. Children
DrinkLink is a B2B platform for business users only. We do not knowingly collect data from persons under 18 years of age. If you believe a minor has registered, please contact us at drinklink.official@gmail.com and we will delete the account.
8. Security
We implement appropriate technical and organisational measures to protect your data, including Firebase security rules, encrypted data transmission (HTTPS), session token verification for driver access, and automatic session expiry.
However, no system is completely secure. Please notify us immediately at drinklink.official@gmail.com if you suspect any unauthorised access to your account. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of it.
9. Analytics and Tracking
The App uses Firebase Analytics to collect anonymised usage statistics to help us improve the App. Firebase Analytics may use device identifiers for attribution purposes. You can opt out of Firebase Analytics data collection by adjusting your device's advertising settings.
10. Updates to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes through the App. The date at the top of this page indicates when it was last updated. Continued use of the App after changes are posted constitutes acceptance of the updated policy.
📧 Contact
For privacy questions, data requests, or to exercise your rights:
Website: drinklink-official.web.app