Privacy Policy for the Dropshop app

Dropshop app operated by Brauerei Locher AG

calendar_today Last updated: 24.03.2026

Responsible entity

The entity responsible for processing personal data in connection with the app is:

Brauerei Locher AG
Brauereiplatz 1
9050 Appenzell
Switzerland
Email: info@appenzellerbier.ch

Responsible for the content and data protection:

Aurèle Meyer
Brauereiplatz 1
9050 Appenzell
Switzerland
Email: info@appenzellerbier.ch

What this Privacy Policy is about

This Privacy Policy provides information on how Brauerei Locher AG processes personal data in connection with the use of the Dropshop app.

It applies in particular to the registration and use of the app, the user account, the Wallet, the collection and redemption of Drops, participation in games, promotions and competitions, the use of push notifications, location-related promotions, profile features, support requests, as well as related technical and organisational processes.

Transactions in the webshop of Brauerei Locher AG are also subject to the webshop’s data protection regulations, insofar as personal data are processed in a separate environment there.

Legal basis / data processing

Personal data is processed in accordance with the applicable Swiss data protection law, in particular the Swiss Federal Act on Data Protection (FADP, SR 235.1)

Brauerei Locher AG processes personal data in particular:

  • to fulfil contracts and to provide the app features (e.g. user account, Wallet, Drops, support),
  • on the basis of consent (e.g. for marketing communications, push notifications or location features),
  • to safeguard legitimate interests (e.g. operation, security and enhancement of the app as well as prevention of misuse),
  • to comply with legal obligations.

Consents given may be withdrawn at any time with effect for the future.

Which personal data we process

Depending on the use of the app, Brauerei Locher AG processes the following personal data in particular:

  • First name
  • Last name
  • Email address
  • Date of birth
  • Nickname
  • Delivery address
  • Telephone number
  • Gender
  • Profile image
  • Location data
  • Push tokens and notification settings
  • Information on the activation of marketing communications
  • Registration and login details
  • Data related to Apple login or Google login
  • Wallet data, Drops balance, expiry dates and redemptions
  • QR scan data
  • Game status and nickname for the in-app game and the leaderboard
  • Data related to promotions and competitions
  • Support requests and technical log data
ul>

Mandatory information and voluntary information

The following information is required for registration:

  • First name
  • Last name
  • Email address
  • Date of birth
  • Nickname

The date of birth is used to check whether the required minimum age has been reached. Further information – such as delivery address, telephone number and gender – is voluntary; however, a delivery address may be required if a reward or benefit obtained needs to be shipped.

The processing of location data, the delivery of push notifications, the receipt of marketing communications and the use of biometric login features shall occur only when the respective feature is activated or the relevant consent has been granted.

Registration, user account and Wallet

When creating a user account, Brauerei Locher AG processes the registration data of users to set up and manage the account and to enable use of the app. The app has a personal area in which the user’s Drops balance, expiration dates, redemptions and other programme-related information are displayed. This area is referred to as “Wallet” in the app.

This data is processed in particular so that:

  • the user account can be used,
  • Drops can be collected, managed, shared and redeemed,
  • rewards or vouchers can be obtained,
  • game- and promotion-related features can be provided,
  • misuse, errors or unauthorised multiple uses can be detected and processed.

Collecting Drops and QR codes

When a QR code is scanned, Brauerei Locher AG processes the related data, in particular the scanned code, the time of the scan, the association with the user account and the resulting crediting of Drops.

This processing is carried out in particular:

  • to check valid QR codes,
  • to correctly credit Drops,
  • to prevent multiple uses, manipulations or misuse,
  • to operate the loyalty programme on a technical and administrative level.

Not every pack necessarily contains a QR code, and only selected products participate in the Dropshop programme.

In-app game, leaderboard and promotions

When a user plays the in-app game, Brauerei Locher AG processes their nickname and score. The nickname can be displayed on the leaderboard. This processing is carried out in particular to record game scores, display rankings, implement monthly rankings or similar game mechanics, and to provide the game-related features of the app.

In connection with the in-app game, only the score and nickname are currently processed; no further information on user behaviour within the game is processed.

For promotions and special offers, Brauerei Locher AG processes the data necessary to technically implement the respective promotion – for example, to verify eligibility, allocate benefits or display relevant content.

Profile image and photo access

If a profile image is stored, the app can access the photo gallery or use the camera to take an image, depending on the selection. The profile image is used exclusively for the respective user profile and, as things stand, is only visible to the respective user themselves. The image is selected or captured on the device and then saved in the back end so that it can be assigned to the user account and displayed in the app. The use of this feature is voluntary and not required for the general use of the app.

Camera

The camera is used to scan QR codes. The app can generally still be used without camera access; however, it is not then possible to collect Drops via QR codes. Processing takes place on the device and in the back end, insofar as this is necessary for the recording and crediting of scanned codes.

Location data

When location access is enabled, the app can process the location while the app is in use to display location-based promotions or special offers.

According to the current status, the following applies:

  • Location data is not collected continuously in the background, but only while the app is actively in use.
  • A precise location is used.
  • Location data is stored on the back end only to the extent necessary to deliver location-based promotions accurately.
  • No further location data is collected once the app is closed, until it is reopened.
  • If the user account is deleted, all associated location data will be permanently erased after 30 days.

The use of location-based features is voluntary. The app can continue to be used without location sharing. Certain location-based promotions or notifications may not be available, or may be limited, if location access is not provided.

Push notifications, marketing and in-app notifications

The app can send push notifications. Here, a distinction is made in particular between the following categories:

  • technical or transactional notifications – regarding expiry of Drops, win notifications or status information, for example;
  • marketing or information notifications – regarding special offers, new products, news or special promotions, for example.

Push notifications and marketing communications can be enabled or disabled in the settings. Push notifications are controlled via the deployed back-end and messaging systems. Additionally, notifications can be displayed within the app in a corresponding area. When marketing emails are enabled, Brauerei Locher AG processes the email address, as well as the information that marketing notifications have been enabled, in order to send corresponding content.

Newsletter and marketing emails

If consent is given for the receipt of marketing emails, Brauerei Locher AG processes in particular the email address and the associated opt-in information. The emails are sent via Contao and the associated systems and service providers, including Mailchimp, until the user unsubscribes.

Users can unsubscribe from marketing emails at any time using the designated settings or the unsubscribe link included in an email.

Apple login, Google login and biometric login

Depending on the functionality, registration or login may also be completed via Apple login or Google login. In this case, Brauerei Locher AG processes the data provided as part of the selected login method insofar as this is necessary for setting up or using the user account.

The use of these login methods is voluntary. Alternatively, registration can be completed using an email address and password. If biometric unlocking or login is enabled on the device, authentication is carried out exclusively via the device’s internal operating system functions. Brauerei Locher AG does not store or process any biometric raw data or biometric templates itself.

Analysis, crash reporting and technical logs

For the technical analysis and improvement of the app, as well as for the detection and correction of errors, Brauerei Locher AG uses, in particular, the following services:

  • Google Analytics / Firebase Analytics
  • Firebase Crashlytics
  • Firebase Cloud Messaging

In this context, technical usage data, device information, event data, crash information, push tokens and other app-related log data may be processed insofar as this is necessary for analysis, stability, operation and enhancement of the app. Where IP addresses or comparable technical identifiers are processed within the scope of these services, this is carried out in anonymised or pseudonymised form as things stand. The personal tracking of individual users is not intended. As things stand, no data transfers abroad take place in connection with these services. The retention period for log data is 30 days.

Competitions

In connection with competitions, Brauerei Locher AG processes the personal data required to administer the respective competition. Winners are notified separately by email. Names, places of residence, photographs or similar information will not be published without prior consultation and the consent of the individual concerned. Additional terms and conditions may apply to individual competitions.

Support, contact form and chatbot

When contact is made with Brauerei Locher AG via the “Contact us” feature or by other means, Brauerei Locher AG processes the transmitted information and content for the purpose of handling the respective support request. An email generated by the support feature will be retained in the email system for as long as necessary.

OpenAI (GPT) is currently used for the chatbot. When using the chatbot, the entered content may be processed insofar as this is necessary to handle requests and to provide the chat function. Chat histories are stored for 90 days and then deleted. The content may be used for the manual improvement of the chat. According to the provider’s current information, the data is not used for automated machine learning or similar training purposes.

Webshop and redemption of vouchers or rewards

The Dropshop app itself is used for collecting and redeeming Drops. Certain rewards or vouchers are redeemed or obtained through the webshop of Brauerei Locher AG. The webshop is a separate environment. When an order is placed or a voucher is redeemed there, the necessary data is processed separately as part of the webshop process. This may include, in particular, order-, shipping- and accounting-related data. A webshop login is not automatically created from the app. Orders can be placed as a guest. To the extent that data is processed in connection with the webshop, the webshop privacy policy of Brauerei Locher AG applies in addition.

Recipients and data processors

For the provision of services and the operation of the app, Brauerei Locher AG may disclose personal data to service providers and data processors where this is necessary.

This includes, in particular, providers in the following areas:

  • Analytics and app statistics
  • Crash reporting
  • Push notifications
  • Location and cloud services
  • Apple login
  • Google login
  • Email and marketing communications
  • Back-end and CMS systems
  • App development and technical operations

This currently includes, in particular: Google / Firebase, Apple, Mailchimp, Contao, Hidden Brains, and further technical service providers, insofar as this is necessary for hosting, operation, development or support.

Disclosure abroad

Brauerei Locher AG may disclose personal data to recipients abroad where this is necessary for the operation of the app, for technical services, for analytics and messaging services, for login functions, for marketing processes or for support services.

At present, the systems and data operated or controlled by Brauerei Locher AG are generally processed or stored within the EU. In connection with certain third-party providers, particularly in the areas of analytics, login, messaging, marketing or chat services, processing or access from abroad cannot be entirely ruled out in all cases. Where personal data is disclosed to countries that do not provide an adequate level of data protection, this will, where possible, be based on appropriate contractual safeguards or other permitted protection mechanisms.

Data retention period

Unless otherwise required in a specific case, Brauerei Locher AG retains personal data as follows:

  • Account data: for as long as the user account remains active
  • Deleted user accounts: 30 days after deletion to allow possible restoration, after which the data is permanently deleted
  • Drops, Wallet and redemption data: for as long as the user account remains active
  • Location data: during active use of the app and within back-end systems where necessary for location-based promotions; such data is permanently deleted 30 days after the user account is deleted
  • Game data: for as long as the user account remains active
  • Monthly leaderboard / game-related rankings: 30 days
  • Log data: 30 days
  • Chatbot histories: 90 days, after which the data is deleted
  • Support data: retained indefinitely within the email system
  • Marketing email data: until the user unsubscribes from marketing communications

Data may also be retained beyond these periods where necessary to comply with legal obligations, for evidential purposes, for the establishment, exercise or defence of legal claims, or for technical security reasons.

Account Deletion & Support Request

  • Delete Account: Users can delete the account using the app feature "Delete Account" in last tab.
  • Retention Period Post Delete Account: 30 days after deletion to allow possible restoration, after which the data is permanently deleted.
  • Support Requests: You can submit support requests via email at dropshop@brauereilocher.ch. or through the Contact Center section.