Back to Top

Premium Vouchers

for Everybody


Privacy Policy

I. General Notes

PHENOM ECOSYSTEM – FZCO, represented by the Company Manager Mariia Venherska, DSO-IFZA-9022, Dubai Digital Park – Office A2, Dubai Silicon Oasis, UAE, (hereinafter „Bonusking“) as the operator of the website takes the protection of personal data very seriously. We treat personal data confidentially and in accordance with the statutory data protection regulations and on the basis of this Privacy Policy. The legal basis can be found in particular in the General Data Protection Regulation (GDPR).

When you use this website, various personal data is processed depending on the type and extent of use. Personal data is information that relates to an identified or identifiable natural person (hereinafter „data subject“); an identifiable natural person is one who can be identified directly or indirectly (e.g. by means of an association with an online identifier). This includes information such as the name, address, telephone number and date of birth.

This Privacy Policy informs you in accordance with Art. 12 et seqq. GDPR about the handling of your personal data when using our website. This Privacy Policy explains in particular what data we collect and what we use it for. In addition, you will be informed about how and for what purpose this is done.

II. Controller

Controller means a natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.). The controller in the sense of the GDPR and the applicable national data protection laws as well as other data protection regulations is:

PHENOM ECOSYSTEM – FZCO, DSO-IFZA-9022, Dubai Digital Park – Office A2, Dubai Silicon Oasis, UAE


III. Data protection representative in the EU

We have appointed a data protection representative for our company:

IV. Purposes and legal bases of data processing

  1. Accessing and visiting our website – server log files

To technically provide the website, it is necessary for us to process data automatically transmitted by your browser to allow our website to be displayed in your browser and to allow you to use the website. This data is automatically collected each time our website is accessed and automatically stored in so-called server log files. This data includes:

  • Browser type and browser version
  • Used operating system
  • Website from which our site is accessed (referrer URL)
  • Host name of accessing computer
  • Date and time of access
  • IP address of accessing computer

The retention of the aforementioned access data is necessary for the provision of a functional website and to ensure system security for technical reasons. This also applies to the retention of your IP address, which necessarily takes place and, under further conditions, can at least theoretically be allocated to your person. In addition to the above-mentioned purposes, we use server log files solely for the purpose of tailoring the design and optimization of our website purely for statistical purposes and without any reference to your person. This data will not be merged with other data sources, nor will the data be evaluated for marketing purposes.

Access data collected in the course of using our website will only be stored for the period of time for which this data is required to achieve the above purposes. Your IP address is stored on our web server for a maximum of 7 days for IT security purposes.

Insofar as you visit our website in order to obtain information about our range of products and services or to use them, the basis for the temporary retention and processing of access data is Art. 6(1)(b) GDPR (legal basis), which permits the processing of data for the performance of a contract or for the implementation of pre-contractual measures. In addition, Art. 6(1)(f) GDPR serves as the legal basis for the temporary retention of technical access data. Our legitimate interest in this respect is to be able to provide you with a technically functioning and user-friendly website and to ensure the security of our systems.

  1. Use of cookies and related functions/technologies

In some cases, we may use so-called cookies on our website. Cookies do not harm your computer and do not contain viruses. Cookies enable us to make our offer more user-friendly, effective and secure and to enable the provision of certain functions. Cookies are small text files that are stored on your computer and saved by your browser. A cookie contains a characteristic string of characters that allows your browser to be uniquely identified when you return to the website.

Most of the cookies we use are so-called „session cookies“. They are automatically deleted when you leave the website or end your browser session (so-called transient cookies). Other cookies remain stored on your terminal device for a specified period of time or until you delete them (so-called persistent cookies). These cookies help us identify your browser on your next visit. Upon written inquiry, we are happy to provide further information on the functional cookies used. Please contact us at the contact details provided above.

You may configure your browser in such a way that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. You may obtain instructions on how to disable cookies by using the „Help“ function of your Internet browser. When cookies are disabled, the functionality and/or full availability of this website may be limited. For further cookie-specific setting and deactivation options, please also see the individual explanations below on specific cookies and associated functions/technologies used when visiting our website.

Some of the cookies we use on our website are third-party cookies that help us analyze the effect of our website content and visitors‘ interests, measure the service and performance of our website, or serve customized advertising and other content on our website or other websites. As part of our website, we use both first party cookies (only visible from the domain you are visiting) and third-party cookies (visible across domains and regularly set by third parties).

Cookies-based data processing is carried out on the basis of your consent pursuant to Art. 6(1)(a) GDPR (legal basis) or on the basis of Art. 6(1)(f) GDPR (legal basis) to protect our legitimate interests. Our legitimate interests in this respect are, in particular, to be able to provide you with a technically optimized website that is user-friendly and tailored to your needs, as well as to ensure the security of our systems. You can withdraw the consent you have given us at any time, e.g., by deactivating the cookie-based tools/plugins listed in detail in the following overview. Moreover, you may object to processing based on legitimate interests by making the appropriate settings.

Specifically, the following cookie-based tools/plugins are used on this website:

Use of Google Analytics

We use the Google Analytics web analytics service provided by Google Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; „Google“) on our website.
The data processing serves the purpose of analyzing this website and its visitors, as well as for marketing and advertising purposes. On behalf of the operator of this website, Google will use the information obtained to evaluate your use of the website, to compile reports on website activities, and to provide the website operator with further services related to website and internet use. The following information, among others, may be collected: IP address, date and time of page view, click path, information about the browser you are using and the device you are using, pages visited, referrer URL (website from which you accessed our website), location data, purchase activity. The IP address transmitted in the context of Google Analytics by your browser is not merged with other data provided by Google.
Google Analytics uses technologies such as cookies, web storage in the browser and tracking pixels, which enable an analysis of your use of the website. The data generated in this way about your use of this website usually is transmitted to a Google server in the USA and stored there. There is no EU Commission adequacy decision for the USA. The data transfer is carried out, among others, on the basis of standard contractual clauses as appropriate guarantees for the protection of personal data, viewable at: and Both Google and U.S. government agencies have access to your data. Your information may be linked by Google to other information, such as your search history, your personal accounts, your usage data from other devices, and any other information Google may have about you.
The IP anonymization function is activated on this website. As a result, your IP address is previously shortened by Google within European Union Member States or in other states that are party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.
The use of cookies or comparable technologies takes place with your consent on the basis of Section 25 (1) sentence 1 of the Telecommunications Telemedia Data Protection Act (TTDSG) in conjunction with Art. 6(1)(a) GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6(1)(a) GDPR. You may withdraw consent at any time without the withdrawal of the consent affecting the lawfulness of the processing that was based on your consent before its withdrawal.
For more information on terms of use and data privacy, please visit or and

Use of Google Fonts

For visually improved display of the font, we use so-called web fonts („Google Fonts“) of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. These are provided by Google ( To do this, your browser loads the required web font into your browser cache when you visit our site. If your browser does not support this feature, the text is displayed in a standard font.

You can set your browser so that the fonts are not loaded from Google’s servers, for example by installing add-ons such as NoScript or Ghostery for Firefox. If your browser does not support Google Fonts or you disable access to Google servers, the text will be displayed in the system’s default font. For more information on Google Web Fonts, please visit

General information about data protection at Google can be found at Information about Google Fonts and data protection can be found at

This data processing is based on the principles of Art. 6(1)(f) GDPR for the protection of our legitimate interests, i.e. the optimization of our offer.

  1. Data processing when opening a customer account

Pursuant to Art. 6(1)(b) GDPR, personal data will continue to be collected and processed to the extent necessary in each case if you provide it to us when opening a customer account. The data required for opening an account can be found in the input mask of the corresponding form on our website. Deletion of your customer account is possible at any time and can be done by sending a message to the above address of the controller. After deletion of your customer account, your data will be deleted, provided that the contracts concluded via it have been fully processed, there are no legal retention periods and we no longer have a legitimate interest in storing it.

  1. How to contact us

If you contact us via a contact option provided within this Privacy Policy or in the imprint or via our contact form, your information as well as the contact data provided by you (e.g. name, email address) will be stored by us for the purpose of processing the request and in case of follow-up questions. We do not share this data with third parties.

We will delete your request(s) and your contact information if your request has been finally answered. In principle, your data will be stored for 6 months and deleted after this period, unless you send us a follow-up request or we need to process the data for other purposes.

This data processing is based on Article 6(1)(a) GDPR in connection with the consent given by you.

  1. Collection of personal data at conclusion of contract and payment

We store the following personal data within the scope of an order:

  1. name,
  2. address,
  3. telephone number,
  4. email address,
  5. if applicable, deviating shipping address,
  6. if applicable, value-added tax ID number,
  7. payment details.

We use this data exclusively for the purpose of carrying out the contract and communicating with you. This includes the initiation, conclusion, settlement, warranty, and, if applicable, rescission of the purchase contract. The data will be stored by us until the complete execution of the purchase contract. Insofar as commercial and tax retention periods apply, the retention period may be up to 10 years.

The recording and processing is carried out within the framework of the concluded contract between Bonusking and the customer according to Art. 6(1)(b) GDPR. The legal basis for further retention for tax and commercial law reasons is the necessity for compliance with a legal obligation pursuant to Article 6(1)(c) GDPR.

  1. Other processing purposes

Compliance with legal requirements: We also process your personal data to comply with other legal obligations we may have in connection with our business. This includes, in particular, retention periods under commercial, trade or tax law. In so doing, we process your personal data in accordance with Art. 6 (1)(c) GDPR (legal basis) to comply with a legal obligation to which we are subject.

Legal enforcement: We also process your personal data in order to assert our rights and enforce our legal claims. We also process your personal data in order to be able to defend ourselves against legal claims. Lastly, we process your personal data insofar as this is necessary for the prevention or prosecution of criminal offenses. We process your personal data in this context to protect our legitimate interests pursuant to Art. 6(1)(f) GDPR (legal basis), insofar as we assert legal claims or defend ourselves in legal disputes or we prevent or investigate criminal offenses (legitimate interest).

Consent: If you have provided your consent for processing personal data for certain purposes (e.g., sending information material and offers), the lawfulness of this processing is based on your consent. You may withdraw your consent at any time. This also applies to the withdrawal of declarations of consent that were provided to us prior to the application of the GDPR, i.e. prior to 25 May 2018. Please note that your objection will only take effect in the future and that processing up to that point will not be affected.

V. Recipients of data

Within the Bonusking company, your data will be accessed by persons who require this data in order to fulfill our contractual and legal obligations.

Service providers and vicarious agents (e.g. technical service providers, shippers, disposal companies) employed by us may also receive data for these purposes. We limit the transfer of your personal data to what is necessary, taking into account the requirements of data protection law. In some cases, the recipients of your personal data are processors and are then strictly bound by our instructions when handling your personal data. In some cases, the recipients act independently subject to their own data protection responsibilities and are also obliged to comply with the requirements of the GDPR and other data protection regulations.

We may also transfer personal data to our counselling partners in legal or tax matters, whereby these recipients are obliged to maintain special confidentiality and secrecy due to their professional status.

VI. Data transfer to third countries

We may transfer your IP address to third countries when using the above-mentioned tools (e.g. Google) (cf. above). The data transfer is based in each case on your express consent. Otherwise, we do not transfer your personal data to countries outside the EU or the EEA or to international organizations, unless expressly stated otherwise in this Privacy Policy.

VII. Duration of data storage

We initially process and store your personal data for the duration for which the respective purpose of use requires corresponding storage (cf. above for the individual processing purposes). This may also include the periods during which a contract is initiated (pre-contractual legal relationship) and during which a contract is processed. On this basis, personal data is regularly deleted as part of the fulfillment of our contractual and/or legal obligations, unless its temporary further processing is necessary for the following purposes:

  • Fulfillment of legal retention obligations
  • Preservation of evidence in compliance with the statute of limitations

VIII. Data security

We protect personal data by means of suitable technical and organizational measures in order to ensure an appropriate level of protection and to safeguard the personal rights of the data subjects. The measures taken serve, among other things, to prevent unauthorized access to the technical equipment we use and to protect personal data from unauthorized disclosure to third parties. In particular, this website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as your contact inquiries that you send to us as the site operator. You will be able to recognize an encrypted connection when the address line of the browser changes from „http://“ to „https://“ and by the lock symbol in the address line of your browser. If SSL or TLS encryption is activated, third parties will not be able to read the data you transmit to us. Nevertheless, we would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) may be vulnerable to security gaps. It is therefore not possible to provide complete protection of the data against access by third parties.

IX. Your rights as data subject

In accordance with the statutory provisions, you are entitled to the following rights as a data subject:

Right of access: You are entitled to request confirmation from us at any time within the framework of Art. 15 GDPR as to whether we are processing personal data relating to you; if this is the case, you are also entitled within the framework of Art. 15 GDPR to receive information about this personal data and certain other information (including the purposes of processing, categories of personal data, categories of recipients, planned retention period, the origin of the data, the use of automated decision-making and, in the case of third country transfers, the appropriate safeguards) and a copy of your data.

Right to rectification: In accordance with Art. 16 GDPR, you are entitled to demand that we rectify the personal data we hold about you if such data is inaccurate or incorrect.

Right to erasure: You are entitled to demand that we delete personal data concerning you without delay subject to the conditions of Art. 17 GDPR. The right to erasure does not apply, among other things, if the processing of personal data is necessary, for example, to comply with legal obligations (e.g. statutory retention obligations) or to assert, exercise or defend legal claims.

Right to restriction of processing: You are entitled to demand that we restrict the processing of your personal data subject to the conditions of Art. 18 GDPR.

Right to data portability: You are entitled, subject to the conditions of Art. 20 GDPR, to request that we provide you with the personal data concerning you that you have provided to us in a structured, common and machine-readable format.

Right to object: You may object to the processing of personal data you have consented to at any time. This also applies to the objection to declarations of consent provided to us prior to the application of the GDPR, i.e. prior to 25 May 2018. Please note that this objection takes effect only for the future. Processing that took place prior to such objection is not affected. In order to declare your objection, it is sufficient to send us an informal message, e.g. by email.

Right to object: You have the right to object to the processing of your personal data subject to the conditions of Art. 21 GDPR, requiring us to stop processing your personal data. The right to object applies only within the limits provided for in Art. 21 GDPR. In addition, our interests may conflict with the termination of processing, which means that we are entitled to process your personal data despite your objection. Any objection to direct marketing measures will be taken into account immediately and without further consideration of the existing interests.

Information about your right to object according to Art. 21 GDPR

You may object at any time to the processing of your data that is carried out on the basis of Article 6(1)(f) GDPR (data processing on the basis of a balance of interests) or Article 6(1)(e) GDPR (data processing in the public interest) if there are grounds for doing so that arise from your particular situation.

Should you object, we will no longer process your personal data unless we prove compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

Your objection may be provided informally and should preferably be addressed to:

PHENOM ECOSYSTEM – FZCO, DSO-IFZA-9022, Dubai Digital Park – Office A2, Dubai Silicon Oasis, UAE


Right to lodge a complaint with a supervisory authority: Subject to the conditions of Art. 77 GDPR, you have a right to lodge a complaint with a competent supervisory authority. In particular, you can address a complaint to a supervisory authority.

A list of the German data protection supervisory authorities and their contact details can be found at:

Other concerns: Please feel free to contact our data protection officer if you have any further privacy questions or concerns. Inquiries in this regard, as well as the exercise of your foregoing rights, should be sent, if possible, in writing to our address indicated above or by email to

X. Obligation to provide data

In principle, you are not obliged to provide us with your personal data. However, if you do not do so, we will not be able to provide you with unrestricted access to our website or answer your inquiries to us. Personal data that we do not absolutely require for the above-mentioned processing purposes is marked accordingly as voluntary information.

XI. Automated decision making/profiling

We do not use automated decision making or profiling (an automated analysis of your personal circumstances).

XII. Up-to-dateness and changes to this Privacy Policy

  1. This Privacy Policy is currently valid and has the status of 10/20/2022.
  2. Due to the further development of our website and offers on it or due to changed legal or regulatory requirements, it may become necessary to change this Privacy Policy.