Preliminary remarks

Where this policy (hereinafter: “Privacy Policy”) speaks of “we” or “us”, it refers to 

Con.tact Worldwide Match GmbH 

Prenzlauer Allee 242 • 10405 Berlin

+49 171 6880087

j.naeder@con-tact.com 

(hereinafter: “con.tact”). We take the protection of your personal data seriously and are using this opportunity to inform you about data protection at con.tact.

The EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter: “GDPR”) has imposed a variety of obligations on us to ensure that personal data belonging to the data subject is protected during processing.

Where we decide either alone or jointly with others on the purposes and means of data processing, this includes above all the obligation to provide you with transparent information about the nature, scope, purpose, duration and legal basis of the processing (cf. Art. 13 and Art. 14 GDPR). The Privacy Policy informs you about how your personal data is processed by us.

1. General points
   1. Definitions

This Privacy Policy uses the following definitions as set out in Art. 4 GDPR:

– “Personal data” means any information relating to an identified or identifiable natural person (hereinafter: “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. 

– “Processing” means any operation which involves the handling of personal data, whether or not by automatic means. This includes, in particular, the collection, recording, organisation, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction of personal data, as well as the change of a purpose or intended purpose on which a data processing operation was originally based.

– “Controller” means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

– “Third party” means any natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or processor.

– “Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

– “Consent” of the data subject means any freely given specific, informed and unambiguous indication of his or her wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to personal data relating to him or her being processed.

1. 2. Further explanations 

We use definitions to make our Terms of Use and Privacy Policy clearer. The following definitions therefore apply: 

• “Network” covers the entire range of services we make available to you. This includes the app and its functions, the underlying programming language and all associated technical tools.
• “Members” are the people who have registered on our network.
• “Account” is the area assigned to one member; you can add pictures and information about yourself to your area to create a personal profile.
• “Partners” are the companies with which we collaborate. 

1. 3. Amendment of the Privacy Policy 

1.3.1 We regularly check our Privacy Policy to determine whether changes or additions are necessary due to the continuing development of data protection law as well as technological or organisational changes. We will notify you of any changes we make.

1.3.2 This Privacy Policy is current as at June 2022.

 

1. 4. Requirement to provide personal data

We have made it our mission to connect you with other members. We need you to provide personal data so that we can fulfil this mission. If you do not want us to process your personal data, we will not be able to provide our service in the way we would like to.

2. Information about the processing of your data
   1. Collection of personal data concerning you

2.1.1 We collect personal data about you when you use our network. Personal data includes, for example, your name, location data, IP address, device identifier, SIM card number, address and email address. Images, films, audio recordings and your user behaviour fall into this category as well.

2.1.2 We also collect special categories of personal data within the meaning of Art. 9 GDPR. This involves in particular recording your gender and the gender of the members with whom you would like to connect. This data is only collected with your consent.

 

2. 2. Legal basis for data processing

2.2.1 In principle, any processing of personal data is prohibited by law and only permitted if one of the following legal justifications applies to the processing of data:

– Art. 6 para. 1 s. 1 point a) GDPR (“consent”): Where the data subject has freely given his or her unambiguous and informed consent, by means of a declaration or other unambiguous affirmative act, to the processing of personal data relating to him or her for one or more specified purposes;

– Art. 6 para. 1 s. 1 point b) GDPR: Where processing is necessary for the performance of a contract to which the data subject is party or to carry out measures prior to entering into a contract at the data subject’s request;

– Art. 6 para. 1 s. 1 point c) GDPR: Where processing is necessary for compliance with a legal obligation to which the controller is subject;

– Art. 6 para. 1 s. 1 point d) GDPR: Where processing is necessary to protect the vital interests of the data subject or another natural person;

– Art. 6 para. 1 s. 1 point e) GDPR: Where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

– Art. 6 para. 1 s. 1 point f) GDPR: Where processing is necessary for the purposes of the legitimate interests of the controller or a third party, unless overriding interests or rights of the data subject exist to the contrary, in particular where the data subject is a child. When personal data is processed for the purpose of “promotional emails and push notifications”, an advertising measure pursuant to Section 7 para. 3 Act against Unfair Competition (UWG) may occur if 

(1) a business has obtained the customer’s electronic mail address in connection with the sale of a good or service, 

(2) the business uses the address for direct marketing of their own similar goods or services,

(3) the customer has not objected to the use and

(4) the customer is clearly informed at the time of collection of the address and at each use that he/she may object to the use at any time without incurring any costs other than the transmission costs according to the basic rates.

2.2.2 The provisions presented here describe the possible legal bases for processing operations carried out by us. The following text indicates the applicable legal basis for processing in each case. Processing may also be justified by several legal bases.

2.2.3 We will obtain your prior consent if and when we process special categories of data within the meaning of Art. 9 GDPR. Consent is given voluntarily and may be withdrawn at any time. It is possible that we will no longer be able to provide our network as promised in the Terms of Use once you have withdrawn consent. Your withdrawal of consent may lead to the deletion of your account in this case. 

2. 3. Data collected during download

2.3.1 Downloading this app requires certain personal data that will be transferred to the corresponding app store (e.g. Apple App Store or Google Play).

2.3.2 The email address, user name, customer number of the downloading account, individual device identification number, payment information and the time of the download in particular are transferred to the app store during download.

2.3.3 We have no influence on the collection and processing of this data, which is carried out exclusively by the app store selected by you. We are therefore not responsible for this collection and processing; the app store is exclusively responsible for this processing.

 

2. 4. Data collected during use

We collect and process the following data from you:

2.4.1 Device information: Access data includes the IP address, device ID, device type, device-specific settings and app settings as well as app properties, the date and time of the retrieval, time zone, the amount of data transferred, the notification of whether the data transfer was complete, app crash, browser type and operating system. We process this data to ensure that you receive a technically flawless copy of our app. The legal basis is Art. 6 para. 1 sentence 1 point b) GDPR.

2.4.2 Registration and login data: This refers to data that you provide to us and that is required to use the app by creating a user account. This data includes your email address, password, UserID, first name and surname. The legal basis is Art. 6 para. 1 sentence 1 point b) GDPR. 

2.4.3 Special registration and login data: During registration, you also enter your gender and the gender of the partner you are looking for. We require this personal data to provide you with a “match”, i.e. to suggest a suitable contact to you. The legal basis for this is Art. 9 para. 2 sentence 1 point a) GDPR.

2.4.4 Location data and profile information: We process your personal data to provide you with a “match”. 

2.4.4.1 This includes your first name, surname, date of birth, address including post code, city, street, house number, telephone number, IP address and profile picture. The legal bases are Art. 6 para. 1 sentence 1 point b), Art. 6 para. 1 sentence 1 point f) or Art. 6 para. 1 sentence 1 point a) GDPR.

2.4.4.2 This includes your sexual orientation and gender. We only use this data if you have given your explicit consent. You may withdraw your consent at any time with effect for the future. The legal basis for this is Art. 9 para. 2 sentence 1 point a) GDPR.

2.4.4.3 This includes the GPS location data of the device you are using and location data about nearby radio access networks. We only use this data if you have given your explicit consent. You may withdraw your consent at any time with effect for the future. The legal basis is Art. 6 para. 1 sentence 1 point a) GDPR.

2.4.4.4 Camera, stored media and files: We need access to your camera and your stored media in order to create the best possible profile. We only use this data if you have given your explicit consent. You may withdraw your consent at any time with effect for the future. The legal basis is Art. 6 para. 1 sentence 1 point a) GDPR.

2.4.4.5 Contacts: We access your contacts to grow our network. We only use this data if you have given your explicit consent. You may withdraw your consent at any time with effect for the future. The legal basis is Art. 6 para. 1 sentence 1 point a) GDPR.

2.4.5 Promotional emails, push notifications, newsletters and customer service: We process your personal data to deliver tailored advertising from partners and information that reflect your interests. This data includes your email address, password, user ID, date of birth, first name, surname, published gender, approximate location, technical data about your device and your postcode, town, street and house number in the case of postal advertising. The legal bases are Art. 6 para. 1 sentence 1 point a), Art. 6 para. 1 sentence 1 point f) GDPR, Section 7 para. 3 UWG.

 

2. 5. Use of cookies

2.5.1 We use cookies when operating our app. Cookies are small text files that are placed in the memory of your mobile device and assigned to the mobile app you are using and through which certain information is transferred to the entity that places the cookie. Cookies are unable execute programs or transmit viruses to your computer and therefore cannot cause any damage. Their purpose is to increase the ease of use and efficiency of our app, so to make it more pleasant for you.

2.5.2 Cookies may contain data that may permit your device to be recognised. In some cases, however, cookies only contain information on certain settings, although this cannot be associated with a specific person. Cookies cannot be used to identify a user directly.

2.5.3 Any use of cookies that is not absolutely necessary for technical reasons counts as data processing that may only be performed with your explicit and active consent in accordance with Art. 6 para. 1 sentence 1 point a) GDPR. This applies in particular to the use of advertising, targeting or sharing cookies. Furthermore, we only transfer personal data that is processed by cookies to third parties if you have given your explicit consent in this regard according to Art. 6 para. 1 sentence 1 point a) GDPR. You may withdraw your consent at any time with effect for the future.

2.5.4 A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored even after the end of a session. Cookies are also distinguished according to their function, namely:

– Technical cookies: These cookies are essential in order to navigate within the app, use basic functions and to ensure the security of the app; they do not collect information about you for marketing purposes and do not store the websites you visit. The legal basis is Art. 6 para. 1 sentence 1 point b) GDPR;

– Performance cookies: These cookies collect information about how you use our app, which pages you visit and whether any errors occur when using the app; they do not collect information that could be used to identify you – any information collected is only used to improve our app and to learn what interests our users. We only use this data if you have given your explicit consent. You may withdraw your consent at any time with effect for the future. The legal basis is Art. 6 para. 1 sentence 1 point a) GDPR;

– Sharing cookies: These cookies are used to improve interactivity between our app and other services (e.g. social networks). We only use this data if you have given your explicit consent. You may withdraw your consent at any time with effect for the future. The legal basis is Art. 6 para. 1 sentence 1 point a) GDPR.

 

2. 6. Data storage period

2.7.1 We erase your personal data as soon as it is no longer necessary for the purposes for which we collected or used it. As a rule, we store your personal data for the duration of your use of, or contractual relationship with, our network. Your data is only stored on our servers in Germany, subject to a possible transfer in accordance with the provisions contained in Clause 4 of this Privacy Policy.

2.7.2 However, storage may extend beyond the specified time in the event of a (threatened) legal dispute with you or other legal proceedings.

2.7.3 Third parties engaged by us will store your data on their system for as long as is necessary for us to provide the service according to the specific order.

2.7.4 This does not affect legal requirements concerning the storage and erasure of personal data. Where the statutory storage period expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis to do so.

 

2. 7. Data security

We use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties, taking into account the state of the art, the costs of implementation and the nature, scope, context and purpose of the processing, as well as the existing risks of a data breach (including its probability and impact) for the data subject. Our security measures are continuously improved in line with technological progress.

 

2. 8. Automated decision-making (including profiling)

2.9.1 We use automated decision-making (including profiling) to make all the benefits of our network available to you. Automated decision-making occurs when a decision concerning an individual is based solely on automated processing. This is the case when the decision is made only through the use of computers and algorithms and without any human intervention in the decision-making process. 

2.9.2 We use your personal data furthermore to optimise our proprietary matching algorithm. Optimising our algorithm enables us to introduce you to suitable members from our network who have similar interests. Automated decision-making therefore serves your interests also in the generation of qualitative rather than quantitative “matches”. We only use this data if you have given your explicit consent. You may withdraw your consent at any time with effect for the future. The legal basis is Art. 22 para. 2 point c) GDPR.

 

3. Responsibility for your data and contacting us
   1. Controller and contact details

3.1.1 The controller for the processing of your personal data within the meaning of Art. 4 No. 7 GDPR is con.tact.

3.1.2 Our company data protection officer is available at all times to answer any questions you may have and to act as your primary contact in matters relating to data protection. The contact details are:

Andrea Kannappel 

legal.solutions GmbH

Sophienstraße 1 – 10178 Berlin

a.kannappel@pagestreet.de

Tel.: +49 – 30 467 240 6-40

 

3. 2. Data collection when contacting us 

3.2.1 When you contact us by email or via a contact form, your email address, name and all other personal data that you provide while contacting us will be stored by us so that we can contact you to answer your question. The legal basis is Art. 6 para. 1 sentence 1 point b) GDPR (for contractual matters) or Art. 6 para. 1 sentence 1 point f) GDPR (for all other matters), depending on the concern when you make contact with us.

3.2.2 We erase this data as soon as its continued storage is no longer necessary. We will continue to store the data where statutory retention periods apply, but will restrict processing in this case.

 

4. Transferring your data
   1. Inclusion of external parties 

4.1.1 We use service providers commissioned by us for individual functions of our app. This applies in particular to the areas of IT, telecommunications and marketing. Here, for example, we work with Amazon Web Services, Inc., USA, (data hosting) and Google (Firebase developer tool). We ensure that suitable technical and organisational measures have been implemented in these cases to guarantee the protection of your rights. The service providers act exclusively according to our instructions and have been contractually obligated to comply with the applicable data protection provisions within the meaning of Art. 28 GDPR. For more information about Amazon Web Services, Inc. and data protection, click here, and for more information about Google Firebase, click here.

4.1.2 The following other categories of recipients may also have access to your personal data:

– Service providers for the operation of our app and the processing of data stored or transmitted by the systems (e.g. for data centre services, payment processing, IT security). The legal basis for transfer is then Art. 6 para. 1 sentence 1 point b) or Art. 6 para. 1 sentence 1 point f) GDPR, insofar as contract processors are not involved;

– Government agencies/authorities, insofar as this is necessary for compliance with a legal obligation. The legal basis for transfer is then Art. 6 para. 1 sentence 1 point c) GDPR;

– Persons commissioned to carry out our business operations (e.g. auditors, banks, insurance companies, legal advisers, supervisory authorities, parties involved in the acquisition of companies or the establishment of joint ventures). The legal basis for transfer is Art. 6 para. 1 sentence 1 point b) or Art. 6 para. 1 sentence 1 point f) GDPR.

4.1.3 Furthermore, we will only transfer your personal data to third parties if you have given your explicit consent to do so in accordance with Art. 6 para. 1 sentence 1 point a) GDPR.

 

4. 2. Transfer of personal data to third countries 

4.2.1 The transfer of your personal data may include international data transfers to jurisdictions such as the USA or other countries. If data is transferred or disclosed to a country outside the European Economic Area (EEA), such processing will only take place for compliance with our contractual and business obligations and for maintaining your business relationship with us. 

4.2.2 The European Commission issues adequacy decisions to certify that some third countries have a level of data protection comparable to the EEA standard (a list of these countries and a copy of the adequacy decisions can be found here) http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html). However, other third countries to which personal data might be transferred may not have the necessary legal provisions to guarantee a consistently high level of data protection We ensure that data protection is adequately guaranteed where this is the case. We use[, as in the case of Amazon Web Services, Inc. and Google] standard contractual clauses approved by the European Commission for this purpose. Please contact our data protection officer to obtain more information in this regard.

5. Your rights
   1. Right to information

You have the right to obtain information about the personal data concerning you within the scope of Art. 15 GDPR. This includes:

• the purposes of processing;
• the categories of personal data that are processed;
• the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations;
• if possible, the envisaged duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
• the existence of a right to obtain the rectification or erasure of personal data concerning you or to obtain the restriction of processing by the controller or a right to object to such processing;
• the existence of a right to lodge a complaint with a supervisory authority;
• any available information on the origin of the data, where the personal data is not collected from the data subject;
• the existence of automated decision-making, including profiling, pursuant to Article 22 para. 1 and 4 and, in those cases at least, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

 

5. 2. Right to object to data processing and withdraw consent

5.2.1 In accordance with Article 21 GDPR, you have the right to object to the processing of your personal data at any time. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing is for the establishment, exercise or defence of legal claims.

5.2.2 In accordance with Art. 7 para. 3 GDPR, you have the right to withdraw your consent at any time. This has the consequence that we may no longer continue the processing of data based on this consent, with effect for the future. The lawfulness of processing carried prior to the withdrawal of consent remains unaffected. Where you withdraw this consent, it will no longer be possible to “match” with other users, and we will no longer be able to provide our service as described in the Terms of Use.

 

5. 3. Right to rectification and erasure

5.3.1 Where personal data concerning you is incorrect or incomplete, you have the right under Article 16 GDPR to request that we rectify or complete such data without delay.

5.3.2 You have the right to obtain the erasure of personal data concerning you where the conditions set out in Art. 17 GDPR are met. In particular, you have the right to erasure if the data in question is no longer necessary for the purposes for which it was collected or processed, if the data storage period has expired, if an objection has been made or if the processing is unlawful. 

 

5. 4. Right to restriction of processing

5.4.1 In accordance with Article 18 GDPR, you have the right to obtain restriction of processing of your personal data.

5.4.2 In particular, you have the right to restriction of processing if the accuracy of the personal data is disputed between you and us; in this case, the right shall apply for a period required to verify the accuracy. The same applies if the successful exercise of a right of objection is still disputed between you and us. You also have this right if you have a right to erasure and you request restriction of processing instead of erasure.

5. 5. Right to data portability 

In accordance with Art. 20 GDPR, you have the right to receive from us the personal data concerning you that you have provided to us in a structured, common, machine-readable format and to transfer it to another controller or to have it transferred by us.

 

5. 6. Contact for your rights

Please use the contact details above to exercise any of your rights under Clauses 5.1 to 5.5 (→ Clause 3.1.2). You must submit a request or a declaration to exercise these rights. The best way to send us this request or declaration is by email or post.

5. 7. Right to lodge a complaint with the supervisory authority

5.7.1 In accordance with Article 77 GDPR, you have the right to lodge a complaint with a data protection supervisory authority in connection with the processing of your personal data.