// Privacy policy

Home Privacy policy

PRIVACY POLICY

(Last updated: February 3, 2026)

1. Data Controller

The controller of personal data is:

Rewardhero d.o.o.
Ulica 15. maja 10b
6000 Koper
Slovenia
Company ID number: 8816964000
Email: [email protected]
Website: https://www.rewardhero.com

(hereinafter referred to as “Rewardhero”, “HERQ”, or “we”)

2. Personal Data We Collect

2.1 Data You Provide Voluntarily

  • First and last name (if provided)

  • Email address

  • Information about lost or found items

  • Messages sent via contact forms or email

  • Data related to orders (e.g. QR stickers or paid services)

  • Data related to the reward system (HERQ coins)

2.2 Automatically Collected Data

When you visit our website, we may automatically collect:

  • IP address

  • Device type

  • Browser type

  • Operating system

  • Date and time of access

  • Website usage data

  • Cookies and tracking technologies

2.3 Payment Information

Payments are processed through Stripe.

Rewardhero d.o.o. does not store credit card details.
Stripe processes payment data as an independent data controller in accordance with its own privacy policy.

3. Purpose of Data Processing

We process personal data for the following purposes:

  • Providing and operating the lost & found platform

  • Publishing lost or found item listings

  • Sending email notifications (newsletter)

  • Processing payments and orders

  • Improving website performance

  • Website analytics (Google Analytics)

  • Preventing abuse and ensuring platform security

  • Fulfilling legal obligations

4. Legal Basis for Processing

We process personal data based on:

  • Your consent (Article 6(1)(a) GDPR)

  • Performance of a contract (Article 6(1)(b) GDPR)

  • Legitimate interest (Article 6(1)(f) GDPR)

  • Legal obligations (Article 6(1)(c) GDPR)

You may withdraw your consent for newsletters at any time by clicking the unsubscribe link.

5. Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google LLC.

Google Analytics uses cookies to analyze website usage.
IP addresses are anonymized (IP masking enabled).

Data may be transferred to the United States under appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

More information: https://policies.google.com/privacy

Users can disable Google Analytics via cookie settings or browser tools.

6. Stripe – Payment Processing

We use Stripe to process online payments.

Stripe may process:

  • Name and surname

  • Email address

  • Payment details

  • Transaction data

Rewardhero d.o.o. does not store card information.

More information: https://stripe.com/privacy

7. Data Retention

We retain personal data:

  • As long as a user account is active

  • Until consent is withdrawn (newsletter)

  • As required by law (e.g. accounting data retained for at least 10 years)

After the retention period, data is deleted or anonymized.

8. Sharing of Personal Data

We may share data with:

  • IT service providers

  • Hosting providers

  • Google (analytics)

  • Stripe (payment processing)

  • Public authorities when required by law

We do not sell personal data to third parties.

9. International Data Transfers

Some service providers (e.g. Google, Stripe) may process data outside the EU.

Transfers are carried out based on appropriate safeguards such as Standard Contractual Clauses in compliance with GDPR.

10. Cookies

We use:

  • Essential cookies necessary for website functionality

  • Analytical cookies (Google Analytics)

Users can manage cookie preferences via the cookie banner or browser settings.

11. Your Rights Under GDPR

Under GDPR, you have the right to:

  • Access your personal data

  • Rectify inaccurate data

  • Request deletion (“right to be forgotten”)

  • Restrict processing

  • Object to processing

  • Data portability

  • Withdraw consent at any time

Requests can be sent to:
[email protected]

You also have the right to lodge a complaint with the competent supervisory authority:

Information Commissioner of the Republic of Slovenia
Dunajska cesta 22
1000 Ljubljana
https://www.ip-rs.si

12. Data Security

We implement appropriate technical and organizational measures to protect personal data against:

  • Unauthorized access

  • Loss

  • Misuse

  • Alteration or destruction

13. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time.
The latest version will always be available on our website.

RewardHero