Privacy Policy for the Use of the Website and Web Application RevWize
As of: April 14, 2025
PebbleByte GmbH ("we", "us") takes the protection of your personal data very seriously. This privacy policy informs you as a (registered) (business) customer and as a visitor to the website about the type, scope, and purpose of the collection, processing, and use of your data as well as your rights under the EU General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG).
Contract language: The contract language is German. Any communication and support services are also provided in German unless otherwise agreed. Should PebbleByte translate this Privacy Policy into another language, the translation serves only to aid understanding; in case of doubt, the German wording takes precedence.
1. Controller
PebbleByte GmbH
Mittelgasse 4/13
1060 Vienna, Austria
Phone: +43 676 59 40 027
Email: office@pebblebyte.com
2. Scope of Application
This privacy policy applies to all data processing operations in connection with the use of our web application by (registered) (business) customers and visitors to the website. The application is used to collect customer phone numbers, send review invitations and marketing SMS, generate QR code check-ins, and handle billing via Stripe.
3. Purposes and Legal Bases of Processing
Purposes:
- Provision and management of the application/website
- Collection and processing of customer data for SMS communication
- Sending review SMS and marketing messages
- Generation of QR check-ins
- Payment processing via Stripe
- Security monitoring and technical optimization
Legal bases:
- Contract performance pursuant to Art. 6 para. 1 lit. b GDPR
- Consent pursuant to Art. 6 para. 1 lit. a GDPR (for SMS to end customers)
- Legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR (e.g., for security & analysis)
4. Responsibility and Data Processing
PebbleByte GmbH acts exclusively as a data processor within the meaning of Art. 4 No. 8 and Art. 28 GDPR with regard to the personal data of end customers (e.g., phone numbers) collected via the RevWize application.
The respective registered business customer who uses the application is responsible in terms of data protection for this data.
The business customer is obliged to fulfill all data protection requirements (e.g., consent, information obligation, purpose limitation) towards their end customers. RevWize provides technical functions for this purpose (e.g., consent checkbox, logging; see Section 6), but assumes no independent responsibility for the lawfulness of data collection by the customer.
5. Data Collected
5.1 When visiting the website:
- IP address, browser data, access times, log data
5.2 Upon registration:
- Company name, address, contact person, email, phone number
- VAT identification number (UID/VAT-ID), where legally required. For international customers, this may be an equivalent tax identification number.
5.3 During operation of the application:
- Customer data: Phone numbers, optional names, consent status
- Usage data: IP address, browser data, access times, log data
- Communication data: Contents and sending times of SMS
- Billing data: Number of SMS sent, transactions via Stripe
6. Consent of End Customers
Before storing and using your customers' phone numbers for SMS communication, express consent from these persons is required.
RevWize provides a technical solution for obtaining consent directly when the phone number is entered by the person concerned. End customers enter their phone number independently via an input field and confirm by means of checkboxes that they:
- consent to a one-time SMS invitation for a review
- voluntarily consent to further contact for advertising purposes (e.g., offers, promotions).
The following is automatically logged:
- Date and time of consent,
- IP address or device data (where technically necessary),
- Status of the checkboxes set,
- User account under which the process took place.
This data is stored exclusively for the purpose of verifiability pursuant to Art. 7 para. 1 GDPR and is not used for other purposes. The consent can be revoked at any time by the person concerned (see Section 11).
7. Disclosure to Third Parties
External service providers:
- Stripe Payments Europe Ltd.: Payment processing (Privacy: https://stripe.com/de/privacy)
- GatewayAPI ApS: SMS sending service provider (https://gatewayapi.com/security-and-compliance/)
GDPR-compliant data processing agreements exist with both service providers in accordance with Art. 28 GDPR. Data transfers to third countries only take place using appropriate safeguards (e.g., standard contractual clauses).
Additional notes:
- There is no disclosure to Google in the context of review link creation.
- Internal disclosures only occur for contract fulfillment and service optimization.
- Data disclosures to authorities only occur when legally required.
8. Storage Duration
Your personal data will only be stored for as long as necessary to fulfill the stated purposes or as required by legal retention obligations. After expiration, routine deletion takes place.
9. Technical and Organizational Measures (TOMs)
To protect your data, we implement the following measures, among others:
- SSL/TLS encryption of all data transmissions
- Role concept and access controls
- Logging of accesses & changes
- Hosting on servers within the EU
- Regular software updates and backups
- Training of employees on data protection & IT security
10. Rights of Data Subjects
You have the right to:
- Information (Art. 15 GDPR)
- Rectification (Art. 16 GDPR)
- Erasure (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Objection to processing (Art. 21 GDPR)
- Complaint to the data protection authority (see Section 12)
11. Revocation of Consent
You can revoke any consent given at any time with effect for the future. The revocation can be made by email or directly via the RevWize platform.
12. Supervisory Authority
Austrian Data Protection Authority
Barichgasse 40-42, 1030 Vienna
Email: dsb@dsb.gv.at
Web: https://www.dsb.gv.at
Phone: +43 1 52 152-0
13. Changes to this Privacy Policy
This privacy policy will be updated in the event of legal or technical changes. The current version is available on our website. We will communicate significant changes separately.
PebbleByte GmbH
Mittelgasse 4/13, 1060 Vienna
Email: office@pebblebyte.com