takas

Privacy Policy

Effective date: 26th of January 2026
Takas ("we", "our") values your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal data when you use the Takas mobile application and associated services. This policy applies to users in Finland, Sweden, Norway, and Denmark. We process your personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable data protection laws in Finland (Tietosuojalaki 1050/2018), Sweden, Norway, and Denmark. This Privacy Policy forms part of our Terms of Service. By using Takas, you acknowledge that you have read and understood this policy.
0. Definitions
For the purposes of this Privacy Policy: "Personal Data" means any information relating to an identified or identifiable natural person. "Processing" means any operation performed on personal data, including collection, storage, use, and deletion. "Data Controller" means the entity that determines the purposes and means of processing personal data. "Data Processor" means an entity that processes personal data on behalf of the controller. "We", "us", "our" refers to Takas and Maksuni Financial Services Oy. "You", "your" refers to users of the Takas service.
1. Data Controller
The data controller responsible for your personal data is: Maksuni Financial Services Oy, Keilaranta, 00520 Helsinki, Finland. For data protection inquiries, please contact us at: Email: moi at maksuni.fi, Address: Maksuni Financial Services Oy, Keilaranta, 00520 Helsinki, Finland. If we have appointed a Data Protection Officer (DPO), their contact information will be provided separately.
2. What We Collect
We collect the following categories of personal data: 2.1. Account Information (Required for service): Email address (required), Name (optional), Account creation date and settings. 2.2. Receipt Data (Required for rewards): Receipt images you upload, Merchant/store name, Products and items purchased, Purchase amounts and prices, Purchase dates and times, Transaction details. 2.3. Reward Data: Coins earned and balance, Spins available and used, Lottery entries and participation history, Redemption history and gift card selections. 2.4. Usage Data (Collected automatically): App usage patterns and features accessed, Time spent in app, Device information (model, operating system, version), IP address, App version and installation information, Error logs and crash reports. 2.5. Device and Technical Data: Device identifiers (if applicable), Browser type and version (for web features), Screen resolution and device capabilities, Network information. 2.6. Location Data: We may collect approximate location data based on your IP address or device settings, but we do not collect precise GPS location unless you explicitly grant permission. Data Sources: Most data is collected directly from you when you use the Service. Some data (like device information) is collected automatically. We do not purchase personal data from third parties.
3. Why We Use Your Data (Legal Bases)
We process your personal data for the following purposes and legal bases: 3.1. Service Provision (Legal basis: Contract): To create and manage your account, To analyze receipts and award rewards, To process reward redemptions, To provide customer support. This processing is necessary to perform our contract with you. Without this data, we cannot provide the Service. 3.2. Fraud Prevention and Security (Legal basis: Legitimate Interest): To detect and prevent fraudulent receipt submissions, To identify duplicate receipts, To protect the integrity of the reward system, To ensure account security. We have a legitimate interest in preventing fraud and maintaining service security. 3.3. Service Improvement (Legal basis: Legitimate Interest): To analyze usage patterns and improve app functionality, To fix bugs and technical issues, To develop new features, To conduct analytics and research. We have a legitimate interest in improving our Service. 3.4. Legal Compliance (Legal basis: Legal Obligation): To comply with tax reporting requirements, To comply with gambling/lottery regulations, To respond to legal requests, To maintain records as required by law. 3.5. Marketing and Communications (Legal basis: Consent, where required): To send you service updates and important notices, To send promotional communications (only with your consent), To notify you about new features. You can withdraw marketing consent at any time. 3.6. Cookies and Analytics (Legal basis: Consent for non-essential cookies): To analyze app performance, To understand user behavior, To improve user experience. Non-essential cookies require your consent.
4. How We Share Your Data
We may share your personal data with the following categories of recipients: 4.1. Service Providers (Data Processors): We share data with trusted third-party service providers who process data on our behalf under strict data processing agreements: Hosting and cloud storage providers (data stored in EU/EEA), Analytics and performance monitoring services, Customer support platforms, Payment processors (for reward redemptions), Email service providers. These processors are contractually obligated to protect your data and only process it for specified purposes. 4.2. Business Transfers: If we are involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you of any such change in ownership. 4.3. Legal Requirements: We may disclose your data if required by law, court order, or government regulation, or to protect our rights, property, or safety, or that of our users. 4.4. With Your Consent: We may share your data with other parties when you have given explicit consent. We do not sell your personal data to third parties. We do not share your data with advertisers for their own purposes without your consent.
5. Data Security
We implement appropriate technical and organizational measures to protect your personal data: Technical Measures: Encryption of data in transit (TLS/SSL), Encryption of sensitive data at rest, Secure authentication and access controls, Regular security assessments and penetration testing, Secure coding practices and vulnerability management. Organizational Measures: Staff training on data protection, Access controls and role-based permissions, Confidentiality agreements with employees and contractors, Regular security audits and reviews, Incident response procedures. Data Storage: Your data is stored on secure servers located within the EU/EEA. We use reputable cloud service providers that comply with GDPR requirements. While we implement strong security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data to the best of our ability.
6. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy: Account Data: Retained for the duration of your account and for a reasonable period (typically 30-90 days) after account deletion, unless longer retention is required by law. Receipt Data: Retained for fraud prevention and service improvement purposes. Receipt images may be retained for up to 3 years after your last activity, or as required for legal compliance. Reward Data: Retained for the duration of your account and for accounting/legal purposes (typically 7 years for financial records). Usage and Device Data: Retained for up to 2 years for analytics and service improvement, then anonymized or deleted. Legal Retention: Some data may be retained longer if required by law (e.g., tax records, gambling regulations). When data is no longer needed, we securely delete or anonymize it. You can request deletion of your data at any time (see Your Rights section).
7. International Data Transfers
Your personal data is primarily stored and processed within the European Union (EU) and European Economic Area (EEA). If we transfer data outside the EU/EEA, we ensure appropriate safeguards are in place: Standard Contractual Clauses (SCCs) approved by the European Commission, Adequacy decisions by the European Commission (for countries with adequate data protection), Other legally recognized transfer mechanisms. Currently, we do not transfer personal data outside the EU/EEA for processing. If this changes, we will update this policy and notify you. Any transfers will comply with GDPR requirements and applicable data protection laws.
8. Your Rights
Under GDPR and applicable data protection laws, you have the following rights regarding your personal data: 8.1. Right of Access: You can request a copy of all personal data we hold about you. 8.2. Right to Rectification: You can request correction of inaccurate or incomplete data. 8.3. Right to Erasure ("Right to be Forgotten"): You can request deletion of your personal data, subject to legal retention requirements. 8.4. Right to Restrict Processing: You can request that we limit how we process your data in certain circumstances. 8.5. Right to Data Portability: You can request your data in a structured, machine-readable format. 8.6. Right to Object: You can object to processing based on legitimate interests or for direct marketing purposes. 8.7. Right to Withdraw Consent: If processing is based on consent, you can withdraw it at any time. 8.8. Right to Lodge a Complaint: You can file a complaint with your local data protection authority if you believe we have violated your rights. These rights are not absolute and may be limited in certain circumstances (e.g., legal obligations, legitimate interests). We will inform you if we cannot fulfill your request and explain why.
9. How to Exercise Your Rights
To exercise any of your rights, please contact us at: Email: moi at maksuni.fi, Address: Maksuni Financial Services Oy, Keilaranta, 00520 Helsinki, Finland. Please include: Your name and email address associated with your account, A clear description of the right you wish to exercise, Any relevant details to help us locate your data. Response Time: We will respond to your request within 30 days (or inform you if we need more time). Identity Verification: We may need to verify your identity before processing requests to protect your data security. Fees: Requests are generally free, but we may charge a reasonable fee for excessive or repetitive requests. Limitations: Some rights may be limited if: We have a legal obligation to retain the data, The data is necessary for contract performance, We have overriding legitimate interests, The request is manifestly unfounded or excessive.
10. Automated Decision-Making and Profiling
We use automated processing in the following ways: Receipt Analysis: We use automated systems to analyze receipt images, extract information (merchant, products, prices), and determine reward eligibility. Fraud Detection: We use automated systems to detect duplicate receipts, suspicious patterns, and potential fraud. These automated processes help us provide the Service efficiently and securely. You have rights regarding automated decision-making: Right to Human Review: You can request human review of any automated decision that significantly affects you. Right to Explanation: You can request an explanation of how automated decisions are made. Right to Object: You can object to automated processing in certain circumstances. If you believe an automated decision is incorrect, please contact us to request review. We do not use automated decision-making for purposes that would significantly affect your legal rights without human oversight.
11. Children's Privacy
Takas is intended for users aged 18 and older. However, users aged 13-17 may use the Service with guardian consent and verification (as specified in our Terms of Service). For users under 18: We require guardian consent and verification before account activation, We implement additional protections for minors' data, We do not knowingly collect data from children under 13 without verifiable parental consent, Guardian consent can be withdrawn at any time, which may result in account suspension. If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us immediately. We will delete such data upon verification. Lottery participation is restricted to users 18 years and older in all jurisdictions.
12. Cookies and Tracking
We use cookies and similar tracking technologies to improve the Service: 12.1. Essential Cookies: Required for the Service to function (e.g., authentication, security). These do not require consent. 12.2. Analytics Cookies: Help us understand how users interact with the Service (e.g., Google Analytics). These require your consent. 12.3. Functional Cookies: Remember your preferences and settings. These may require consent depending on their purpose. 12.4. Third-Party Tracking: We may use third-party analytics services that use cookies or similar technologies. These services are subject to their own privacy policies. Cookie Management: You can manage cookie preferences through: Your browser settings (for web features), App settings (for mobile app), Our cookie consent banner (where applicable). Disabling certain cookies may affect Service functionality. We do not use cookies for advertising purposes without your explicit consent. For more information about specific cookies we use, please contact us.
13. Data Breaches
In the event of a personal data breach that poses a risk to your rights and freedoms, we will: Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (where required), Notify affected users without undue delay if the breach poses a high risk, Provide clear information about: The nature of the breach, The categories of data affected, The likely consequences, The measures we are taking to address it, Recommendations for steps you can take. We maintain incident response procedures and regularly review our security measures to prevent breaches. If you become aware of any security issue, please contact us immediately at moi at maksuni.fi.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Service. Material changes that affect your rights will be: Notified via the app, email, or other reasonable means at least 30 days before they take effect, Clearly marked with the new effective date. We encourage you to review this policy periodically. Continued use of the Service after changes constitutes acceptance of the updated policy. If you do not agree to the changes, you may stop using the Service and request deletion of your account. The current version is always available in the app and on our website.
15. Contact Information and Complaints
For privacy-related questions, data protection inquiries, or to exercise your rights, please contact: Maksuni Financial Services Oy, Keilaranta, 00520 Helsinki, Finland. Email: moi at maksuni.fi. Supervisory Authorities: If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with your local data protection authority: Finland: Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto), Website: tietosuoja.fi, Address: Lintulahdenkuja 4, 00530 Helsinki, Finland. Sweden: Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten), Website: imy.se. Norway: Norwegian Data Protection Authority (Datatilsynet), Website: datatilsynet.no, Address: Tollbugata 3, 0152 Oslo, Norway. Denmark: Danish Data Protection Agency (Datatilsynet), Website: datatilsynet.dk, Address: Borgergade 28, 5., 1300 Copenhagen K, Denmark. We are committed to working with you to resolve any concerns about your privacy.