Privacy Statement

Privacy Policy for the Online Services of Jaumo (and related Apps)

In case of translation errors, the German version applies.

We, as the provider of the apps Jaumo, Lovely, Bloom, Finally, Disco, Spicy, and CSL (hereinafter also individually referred to as "App" or collectively as the "Apps"), as well as the associated internet service at https://www.jaumo.com (also "internet service"), are the controller within the meaning of the applicable data protection law, in particular the General Data Protection Regulation (GDPR), for the processing of personal data of the user ("you") of the Apps and the internet service.

Personal data is defined in the GDPR as all information relating to an identified or identifiable natural person.

In the following, we will provide you with a clear overview, in accordance with our information obligations (Art. 13 et seq. GDPR), of which personal data is processed when you use our Apps and our internet service, in what way, and on what legal basis this occurs. You will also receive information about your rights with respect to us and the competent supervisory authority.

1. Contact Information

The controller responsible for data processing is Joyride GmbH, Bartenbacher Str. 4, 73033 Göppingen, E-Mail: privacy@jaumo.com.

We have appointed a data protection officer, whom you can reach for all data protection-related requests at: Data Protection Officer c/o Joyride GmbH, Bartenbacher Str. 4, 73033 Göppingen, E-Mail: privacy@jaumo.com.

The data protection supervisory authority responsible for our company headquarters is the State Commissioner for Data Protection and Freedom of Information Baden-Württemberg, accessible at https://www.baden-wuerttemberg.datenschutz.de/ and via email at poststelle@lfdi.bwl.de.

Further contact details for the data protection supervisory authorities of other federal states can be found at https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html.

2. Data Transfers to Third Countries

If personal data is transferred to one or more countries outside the scope of the GDPR ("third country") during the use of our Apps or our internet service, we will inform you of this separately in this privacy policy. Any transfer to third countries occurs within the framework of legal requirements. In the case of a data transfer to the United States of America, this means in particular that the requirements of the applicable adequacy decision of the EU Commission and the associated EU-U.S. Data Privacy Framework (DPF) are observed.

3. Use of Our Website

When using our internet service, different data processing may occur depending on the type of use.

a) Hosting

Our internet service is operated on the servers of the CDN provider Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (hereinafter "Webflow"). This means that the data we collect when you visit our internet service may also be processed and stored in the USA.

The legal basis for the processing of your personal data is Art. 6(1)(f) GDPR, as it is in our legitimate interest to use the services of a professional provider for the secure and efficient provision of our website.

We have concluded a data processing agreement with Webflow in accordance with Art. 28 GDPR. Webflow is certified under the EU-U.S. Data Privacy Framework: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000TT9jAAG&status=Active.

b) Informational Use

When you access our internet service, our web servers automatically collect general information that is technically necessary for the display of the internet service. This includes the web browser used, the operating system used, the domain name of your Internet Service Provider, the IP address of the device you are using, the website from which you visit us, the pages of our internet service you access, and the date and duration of your visit.

We are not able to use this data to identify you. This information is evaluated by us merely for statistical purposes to improve the functionality of our internet service.

The legal basis for this data processing is our legitimate interest pursuant to Art. 6(1)(f) GDPR. Insofar as we ask for your consent, the data processing is based on consent pursuant to Art. 6(1)(a) GDPR. You can revoke your consent at any time.

c) Special Forms of Use

Special forms of use of our internet service may result in us processing further personal data from you.

d) Contact

You have the option to contact us by email, by phone, or via our contact form. Your personal data transmitted in this way will be stored by us. The data is processed exclusively to handle your contact request. The legal basis for the processing of your personal data is Art. 6(1)(f) GDPR. It is in our legitimate interests to process the data for handling and responding to your request.

The data is stored until it is no longer required to achieve the purpose of the conversation with you and the matter of your contact has been fully resolved.

A further legal basis for our processing is your consent pursuant to Art. 6(1)(a) GDPR, if you have expressly consented to the processing of your data, for example when using our contact form. You can revoke the granted consent at any time.

If your contact aims to conclude a contract with us, the additional legal basis for the processing of your personal data is Art. 6(1)(b) GDPR. This data is stored for as long as it is necessary for the performance of the contract or pre-contractual measures. Beyond that, we only store your data to comply with legal obligations (e.g., tax obligations) (Art. 6(1)(c) GDPR).

In addition to the data you voluntarily provide, we may receive the time (date and time) of the transmission of your data to us, as well as your IP address. The processing of this data corresponds to our legitimate interest (Art. 6(1)(f) GDPR) to ensure the security of our systems and to counter misuse. This data, which we additionally collect during your contact, will be deleted as soon as it is no longer needed, at the latest when the matter of your contact has been fully resolved.

A comparison of data you provide to us during a contact with other data we have collected from you will only take place if you have given us your express consent. This consent can be revoked at any time. You can inform us at any time that we should delete the data communicated during the conversation. In this case, all personal data of the conversation will be deleted, as far as permissible, and a continuation of the conversation will not be possible.

e) Newsletter

You can register for our email newsletter through both our Apps and our internet service. For this, we require your email address in addition to your declaration of consent.

We will only send you the newsletter after you have confirmed your registration by clicking the provided link in a confirmation email sent to you for this purpose. With this, we want to ensure that only you can register for the newsletter. You must confirm your registration promptly after receiving the confirmation email, otherwise your newsletter registration will be automatically deleted from our database.

The legal basis for sending the newsletter and for any voluntary additional information is Art. 6(1)(a) GDPR. By submitting and confirming the newsletter registration, you agree to the processing of your data by us.

Additionally, as part of your newsletter registration, we store the time (date and time) of the transmission of your data to us, as well as your IP address. The processing of this data is in our legitimate interest according to Art. 6(1)(f) GDPR, to ensure the security of our systems and to prevent misuse. In the confirmation email sent for verification purposes, we also store your IP address as well as the date and time you click on the confirmation link.

The purpose of processing your email address is to be able to send you the newsletter. Your data is processed exclusively in connection with the dispatch of our newsletter. Additional data collected during the registration process serves to ensure the security of our services and to prevent misuse of the email address provided.

Your data is only stored for as long as is necessary to achieve the purpose. Your email address will only be stored beyond the period of your newsletter subscription if you have given your consent for this. The data that we additionally collect automatically during your registration (IP address, date, and time) will be deleted at the latest when you terminate your newsletter subscription. Data stored by us for other purposes remains unaffected.

For sending the newsletter, we use the service Brevo from Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin. The processing of your data by Sendinblue is based on a data processing agreement pursuant to Art. 28 GDPR, which we have concluded with Sendinblue.

Our newsletter uses tracking functionalities, specifically a so-called tracking pixel and link tracking. This means we can track if and when you have opened the newsletter and the links it contains. We receive aggregated statistics that our service provider (see above) automatically creates. This means we only learn what percentage of recipients have opened the newsletter, or which content was particularly popular. This data is used exclusively for the statistical analysis of newsletter campaigns and can be used by us to better tailor future newsletters to the interests of the recipients.

If you do not agree with this tracking, we ask you to unsubscribe from the newsletter. This can be done at any time, for example by clicking on the appropriately marked button contained in every newsletter email. The analysis of your user behavior only occurs if you have consented to the newsletter dispatch and the associated personalized data analysis. The legal basis for data processing is your consent according to § 25 para. 1 TDDDG and Art. 6 para. 1 lit. a GDPR.

RIGHT OF WITHDRAWAL / Unsubscribe from Newsletter

You can unsubscribe from or cancel our newsletter at any time. A separate revocation of your consent to newsletter tracking is unfortunately not possible. Therefore, if you wish to object to newsletter tracking, you must also unsubscribe from the newsletter. The link for this can be found at the end of every newsletter. You can also unsubscribe from the newsletter at any time by sending us a corresponding message. By doing so, you revoke your consent with effect for the future and object to the further use of your data for the purpose of newsletter dispatch and tracking. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is legally permitted and about which we inform you in this statement. The revocation of your consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

f) Third-Party Tools

Our internet service uses functions offered by service providers commissioned by us. If, within the scope of these functionalities, personal data is processed by the service provider on our behalf, we have concluded a data processing agreement with them in accordance with Art. 28 GDPR. This means that the service provider only processes personal data whose processing is necessary for the functionality they offer, and that we ensure through legal, technical, and organizational measures, as well as regular checks, that the manner of this data processing complies with legal requirements. In particular, our service providers are not permitted to pass on personal data processed in this context or to use it for other purposes, such as their own commercial purposes.

Links to Social Networks

Our internet service includes links to the social networks Facebook, Tiktok, YouTube, LinkedIn, and Instagram. These are merely graphics with a link that redirects you to the corresponding social network when you click on the graphic. If you do not click on the link, we do not transmit any personal data to the respective social network. However, if you click on the link and are redirected to the corresponding social network, the processing of personal data there takes place outside of our internet service.

4. Downloading Our Apps

You can download our apps from an app store of your choice (Apple App Store or Google Play Store, hereinafter "Store") to a suitable end device (hereinafter generally "Smartphone"). When downloading one of our apps to your smartphone, the necessary information, in particular your Store username, email address, and account customer number, time of download, payment information, and the individual device identification number, is transferred to the respective Store. We have no influence on this data collection and are not responsible for it. We process this data only to the extent necessary for downloading the app to your smartphone. This data is not stored by us beyond that. The legal basis for this data processing is Art. 6(1)(f) GDPR, as it is in our legitimate interest to enable you to download and install the app by processing the necessary data.

5. Use of Our Apps

a) Hosting

Our Apps are operated on the servers of Zurkuhl GmbH, Fester Straße 54, 40882 Ratingen, Germany (hereinafter "Zurkuhl"). This means that the data we collect during the general use of our Apps is initially stored in Germany and thus within the EU.

The legal basis for this processing of your personal data is Art. 6(1)(f) GDPR, as it is in our legitimate interest to use the services of a professional provider for the secure and efficient provision of our Apps.

We have concluded a data processing agreement with Zurkuhl in accordance with Art. 28 GDPR.

At this point, we want to be transparent and point out that we cannot provide certain functionalities of our Apps, and in particular the personalized advertising measures that largely finance the app you use in each case, on Zurkuhl's servers. For this, we rely on the tools, services, and advertising networks of third-party providers. These providers are often based in third countries (e.g., the United States of America), so data transfers to third countries typically occur in this context. You can find more detailed information on these data processing and transfer activities in the following sections.

b) General Use of Our Apps

An internet connection is established during the use of our Apps. In doing so, we collect and process many different types of personal data, in particular data that you actively enter (e.g., message content) and data that arises from the specific use of individual app functions (e.g., sending a like, sending a message, in-app purchases, starting a session). The processing of this personal data is technically necessary to provide you with the exemplified and many other functions of the app you are using in a convenient manner and to ensure the stability and security of our information technology systems.

The following potentially personal data is processed at the start of a session:

• IP address
• Smartphone model
• Operating system version
• Device ID
• Date and time of the session start
• Time zone difference to Greenwich Mean Time (GMT)
• Association with your user account, if one exists

If you use other functions of one of our Apps, the personal data required for the function you have chosen will be processed in addition to the aforementioned data, such as:

• Date and time of the interaction
• Time zone difference to Greenwich Mean Time (GMT)
• The message content when sending a message
• The reference point of a like
• The product purchased in an in-app purchase

The specific personal data is therefore transparently derived from your respective interaction with the respective app. An association of such data with your person is generally possible. However, we only store this data temporarily. As soon as the data is no longer required to achieve the aforementioned purposes, we delete it immediately. The storage period therefore depends on the category of data. Registration data and data on purchases are stored for the duration of the registration. Data on messages is stored for 6 months.

Generally, we delete your personal data from our live system immediately when you delete your user account with us. After the user account is deleted, we only store pseudonymous data for the statistical analysis of app usage, detached from individual users, as well as data that we need to comply with our legal obligations (e.g., tax obligations).

The processing of this data is necessary for the provision of our Apps with their various, modern functions. The legal basis is therefore our legitimate interest pursuant to Art. 6(1)(f) GDPR. For individual functions, we may rely on your consent pursuant to Art. 6(1)(a) GDPR. Insofar as we have contractually committed to providing the app to you, the legal basis for data processing for which we do not obtain consent is the performance of a contract pursuant to Art. 6(1)(b) GDPR. The storage of data based on our legal obligations is based on Art. 6(1)(c) GDPR.

c) Registration for the App

To use our Apps, you must register as a user within the app you are using. For this, you must provide us with the following information:

• Email address
• Password
• Desired username
• Gender identity
• Usage preference (friendship or dating)
• Desired gender identity of contact suggestions
• Date of birth
• User photo

We process this data for the purpose of providing the functions associated with your account, thus for the performance of a contract with you pursuant to Art. 6(1)(b) GDPR. Furthermore, this information is necessary to fulfill the main function of the respective app, which is to connect users with similar interests. This suggestion function requires a minimum amount of information to be provided by users. A further legal basis is therefore our legitimate interest pursuant to Art. 6(1)(f) GDPR.

You also have the option to register in the respective app using a social login via an existing Google or Apple account. In this case, we process the email address you have stored with Google or Apple in addition to the data mentioned above. Google or Apple will then receive the information that you have registered or logged into our app. It is possible that Google or Apple may process further personal data in this context, for example about your smartphone, as part of a user profile and may use this for purposes such as advertising or market research. You have a right to object to this, which you must, however, exercise directly with Google or Apple. We would like to point out that the use of social login is voluntary. Our offer of such a login as a voluntary option is based on the legitimate interest within the meaning of Art. 6(1)(f) GDPR to offer low-barrier registration options upon request.

Optionally, you can also provide further information about yourself in your profile (e.g., about hobbies, musical taste, and other interests). This information enables us to connect users with similar interests even more specifically. The legal basis for processing simple information is therefore also the performance of the contract with you pursuant to Art. 6(1)(b) GDPR and our legitimate interest pursuant to Art. 6(1)(f) GDPR.

Since the information you make public in your profile can also be sensitive data or allow conclusions to be drawn about particularly sensitive personal information (e.g., your political views, your religion, your health (e.g., whether you smoke or drink alcohol regularly)), we ask for your consent during registration to process this particularly sensitive data, in case you wish to provide such information. The legal basis is therefore, in addition to Art. 9(2)(e) GDPR, your consent according to Art. 9(2)(a) GDPR. This consent can be revoked at any time.

d) Cross-App Display of Your Profile within the Jaumo Network

If you have registered for one of our apps and created a profile within that app, we will ask for your consent after registration to display your profile in other apps of our Jaumo network as well. By doing this, we aim to maximize your chances of connecting with users of our other apps who have similar interests.

In which other apps from the Jaumo network your profile is displayed if you give your consent depends on the specific search criteria you have set within your profile:

• If you have not set any search criteria in your profile that match the apps Finally, Disco, Spicy, and/or CSL and you give us your consent, your profile will be displayed within the apps Jaumo, Lovely, and Bloom.
  • For better understanding: Example 1: If you have registered for the Jaumo app and consented to the cross-app display of your profile, we will also show your profile to users of the Lovely and Bloom apps.
  • Example 2: If you have registered for the Spicy app and consented to the cross-app display of your profile, we will also show your profile to users of the Jaumo, Lovely, and Bloom apps.
• If, on the other hand, you have set special search criteria in your profile that match our other apps Finally, Disco, Spicy, and/or CSL, and you have given your consent, your profile will be displayed not only in the apps Jaumo, Lovely, and Bloom, but also within Finally, Disco, Spicy, and/or CSL, provided these apps correspond to your search criteria.
  • For better understanding: Example 1: You have registered for the Jaumo app and consented to the cross-app display of your profile. Your profile will also be shown to users of the Lovely and Bloom apps (see above). In addition, you have specified in your search criteria that you are interested in dates with singles over 50. In this case, your profile will also be shown to users of the Finally app.
  • Example 2: You have registered for the Jaumo app and consented to the cross-app display of your profile. Your profile will also be shown to users of the Lovely and Bloom apps (see above). In addition, you have specified in your search criteria that you are looking for LGBTQ dates. In this case, your profile will also be shown to users of the Spicy app.

We would like to point out that regardless of whether you have consented to the cross-app display of your profile, you will also be shown the profiles of users within the app you are using who have themselves consented to the cross-app display of their profiles. The above explanations and examples apply to these users accordingly.

The cross-app profile display described here only occurs if you have given us your consent via the provided consent banner. The legal basis is therefore always consent pursuant to Art. 6(1)(a) GDPR.

You can revoke your consent at any time by going to the profile tab of the app and deactivating the cross-app profile display in your privacy settings, thereby withdrawing your consent.

e) App Permissions

To use certain functions of our Apps, it is necessary to grant specific permissions to the app you are using. If you do not wish to grant these permissions, you will not be able to use the corresponding functions.

• If you only want to see people in your vicinity, you must share your location.
• You can allow the app to send you notifications, for example, to inform you about new messages.
• You can allow the app to access your smartphone's microphone to record voice messages or join a live voice chat.
• It is also necessary to allow the app to access your smartphone's camera if you want to take a profile picture, or to access your smartphone's image gallery if you want to select an existing picture as your profile picture.

The legal basis for the processing of personal data following these permissions is in each case the performance of a contract pursuant to Art. 6(1)(b) GDPR. The legal basis for subsequent access to information on your end device and the storage of information on your end device following the granting of permission is § 25(2) No. 2 TDDDG. You are free to grant and revoke the corresponding permissions to the app at any time. Merely granting the permissions does not result in the permanent storage of additional personal data. What is decisive is rather your use of the respective functions.

f) Managing Consent with Google UMP

Our Apps use the Google User Messaging Platform ("Google UMP") for managing advertising consents and consents for the use of other services. This platform is offered to users from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and for all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").

The consent banner provided by this platform allows us to clearly break down for you which third-party providers could process your data if you grant us advertising consent. Furthermore, the banner allows us to manage consents that go beyond advertising purposes. The legal basis for using Google UMP is therefore our legitimate interest pursuant to Art. 6(1)(f) GDPR. You can always access the Google UMP to manage your consents later in the profile tab of the respective app under "Privacy".

g) Use without Advertising Consent

Our Apps are generally free to use. However, since our free service is financed by advertising revenue, using the full range of functions requires you to give us consent for personalized advertising. Otherwise, you have the choice of either using only basic account management functions (changing the password and deleting the account) or purchasing a paid subscription ("Pur-Abo"). If you have a Pur-Abo, no further consents are required to use the respective app. However, even with an existing Pur-Abo, you can still give us additional consents, for example, for functions that help improve the user experience of our app.

h) Use with Advertising Consent

If you decide to give us consent for receiving personalized advertising offers, we use tools and services from various third-party providers for the selection, management, and display of advertising content. The high number of different tools and services arises from the fact that we use various advertising networks to make the display of advertising content profitable and to be able to continue offering our apps for free.

To exchange granted consents across the various providers, our apps use the Transparency and Consent Framework ("TCF") of the Interactive Advertising Bureau ("IAB") Europe, a network for digital marketing. The TCF is a regularly updated standard for obtaining user consent, especially in the area of personalized advertising. In other words, this means that your consent status can be shared with other providers using the TCF. This is done via a so-called TC string, which is a pseudonymized piece of information about the extent and purposes for which you grant advertising consent. This TC string can be shared via the standardized IAB interface with third-party providers who place ads in our app. For you, this simplifies the granting and withdrawal of advertising consents, while the use of the TCF makes cooperation with our partners more practical. We currently use IAB TCF version 2.2, in line with the requirements of the consent tool Google UMP used in our apps. You can find more information at https://iabeurope.eu/transparency-consent-framework/.

You can grant your advertising consent within our apps using our consent tool, Google UMP. The corresponding consent banner will be displayed to you the first time you open the respective app. You can also always find the Google UMP later in the app's profile tab under "Privacy". In Google UMP, you can not only grant or deny consent but also determine the scope of your advertising consent, for example, with regard to the processing purposes and the third-party providers involved. Additionally, you will find more detailed information in Google UMP about the processing purposes, third-party providers, and their data protection policies.

If you give us unrestricted advertising consent, a large number of third-party providers and advertising networks will receive extensive personal data about you and will process this data for various purposes. These processing purposes may include in particular:

• Displaying contextual ads,
• Creating a personalized ad and content profile about you and your interests to show you relevant personalized ads and content,
• Displaying personalized ads based on the created profile, measuring the performance and effectiveness of the ads and content you see or interact with, market research to learn more about the audiences who use our apps and view ads and content,
• Improving existing systems and software and developing new products.

In summary, the data processing in the advertising context is aimed at tracking your user behavior, showing you ads and content based on your user behavior, interests, and needs, analyzing the success of the displayed ads and content, and continuously optimizing them. Furthermore, based on your unrestricted advertising consent, various pieces of information (e.g., device ID) will be accessed from your device, and information will be stored on your device using different technologies.

The data processing outlined here and detailed in Google UMP only takes place if you have given us your consent via the provided consent banner. The legal basis is therefore always consent pursuant to Art. 6(1)(a) GDPR or § 25(1) TDDDG. If the individual data processing involves a data transfer to third countries, this is done—depending on the processing constellation—in accordance with one of the transfer mechanisms provided for in Art. 45 et seq. GDPR (e.g., an adequacy decision by the EU Commission) and in compliance with the respective requirements of the transfer mechanism.

You can revoke any consent you have given at any time by accessing the profile tab of the respective app and withdrawing the consent in the Google UMP under "Privacy". If you do not wish to log into the respective app, you can also use the corresponding function in your device's operating system to "delete app data," which automatically revokes all consents granted in Google UMP. Some of the central tools, services, and advertising networks that we use with your consent are listed below. Comprehensive information on all tools, services, and advertising networks can be found in the Google UMP, which you can access in the profile tab of the app you are using under "Privacy".

1. Facebook SDKOur apps use the Facebook Software Development Kit (Facebook SDK) to deliver advertisements. The Facebook SDK is offered by Meta Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Meta"). The Facebook SDK uses information about your smartphone to control the display of certain advertisements. You can find more information about data protection when using Meta products here: https://www.facebook.com/privacy/center/.

2. Google AdMob/Google Ad ManagerOur apps use the Google AdMob or Google Ad Manager platform, offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, D04 E5W5, Dublin, Ireland. Both are solutions for offering ad inventory and centrally delivering these ads to different types of devices, for example, by integrating them into apps.

3. AppLovinOur apps use the service AppLovin, offered by AppLovin Corp., 1100 Page Mill Road, Palo Alto, CA 94304, USA. AppLovin is an ad management tool that allows us to monetize our service in a targeted manner. More information on data protection at AppLovin can be found here: https://www.applovin.com/privacy/.

4. MintegralOur apps use the service Mintegral, offered by Mintegral International Ltd., 16 Collyer Quay, Singapore 049318, Singapore. Mintegral is a mobile advertising platform that helps us achieve better integration of advertising in our apps. More information about data protection at Mintegral can be found here: https://www.mintegral.com/en/privacy.

5. PangleOur apps use the service Pangle, offered by Bytedance Pte. Ltd., One Raffles Quay North Tower #09-06 Singapore 048583 ("Bytedance"). Pangle is the advertising network of the video platform Tik Tok, which is also operated by Bytedance, and allows us to integrate related content into our apps. More information about data protection when using Pangle can be found here: https://www.pangleglobal.com/privacy.

6. Amazon AdsOur apps use the service Amazon Ads, offered in Europe by Amazon Europe Core S.à r.l., 38 Avenue John F. Kennedy, 1855 Luxembourg, Luxembourg. Amazon Ads allows us to integrate advertising content from the online retailer Amazon as well as from third parties into our apps. More information on data protection with Amazon Ads can be found here: https://advertising.amazon.com/de-de/legal/privacy-notice.

7. AppsFlyerOur apps use the service AppsFlyer, offered by AppsFlyer Ltd., 111 New Montgomery St, Suite 400, San Francisco, CA 94105, USA. AppsFlyer helps us analyze our advertising activities by attributing app installations or general user interactions to advertising campaigns. More information on data protection at AppsFlyer can be found here: https://www.appsflyer.com/legal/privacy-policy/.

8. Liftoff VungleOur apps use the service Liftoff, offered by Liftoff, Inc., 900 Middlefield Rd, Redwood City, CA 94063, USA. Liftoff allows us to integrate various networks into our apps. More information on data protection at Liftoff can be found here: https://liftoff.io/privacy-policy/.

i) Other Functionalities

Our apps have additional functions that are not for displaying personalized advertising content. These functions help to make the use of our apps safer and more enjoyable, as well as to continuously improve and expand our services. An important part of these measures is the use of Google Cloud Gemini, which we use in particular for the automated analysis and review of images and messages in chat groups for possible violations and to prevent abuse.

If the processing of personal data by our service providers is necessary in connection with these additional functions, this is done exclusively within the framework of a data processing agreement in accordance with Art. 28 GDPR. This contract ensures that personal data is only processed to the necessary extent and that suitable legal, technical, and organizational measures, as well as regular checks, guarantee that the processing complies with legal data protection requirements.

1. Firebase CrashlyticsFirebase Crashlytics is part of the Google Firebase development tool, a product of Google, which is offered in Europe by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, and outside of Europe by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Firebase Crashlytics allows us to detect crashes and malfunctions of our apps in real-time. This helps us to find out how a crash or malfunction of the respective app occurred and thus to fix it more quickly.

Firebase Crashlytics processes various personal data and accesses corresponding information on your end device, such as:

• Crashlytics Installation UUIDs,
• Firebase installation ID,
• Breakpad minidump formatted data (NDK crashes only), crash timestamp
• Bundle ID and the full version number of the app, name and version number of the device's operating system
• A boolean value indicating whether the device is jailbroken/rooted
• Device model name, CPU architecture, amount of RAM and disk space

Firebase Crashlytics uses crash stack traces to associate crashes with a project, display them in the Firebase Console, and help us debug crashes. It uses Crashlytics Installation UUIDs to measure the number of users affected by a crash and minidump data to process NDK crashes. The minidump data is stored while the crash session is being processed and then deleted. The Firebase installation ID enables upcoming features that will improve crash reporting and crash management services. Firebase Crashlytics stores crash stack traces, extracted minidump data, and associated identifiers (including Crashlytics Installation UUIDs) for 90 days.

The legal basis for data processing within the scope of Firebase Crashlytics is your consent pursuant to Art. 6(1)(a) GDPR, and for access to device information, § 25(1) TDDDG. You can find more information about Firebase Crashlytics at https://firebase.google.com/products/crashlytics. The terms of service for Firebase Crashlytics are available here: https://firebase.google.com/terms/crashlytics.

2. Google AnalyticsGoogle Analytics is a service from Google, offered in Europe by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, which enables us to measure and analyze user behavior, user journeys, and in-app activities. The legal basis for data processing within the scope of Google Analytics is your consent pursuant to Art. 6(1)(a) GDPR, and for access to device information, § 25(1) TDDDG. More information about Google Analytics can be found at: https://developers.google.com/analytics?hl=de.

3. Cloud BigQueryGoogle Cloud BigQuery is a service from Google, operated by Google Cloud EMEA Limited, 70 Sir John Rogerson's Quay, Dublin 2, D02 R296, Ireland, which assists us in the structured storage and analysis of our data. The legal basis for data processing within the scope of Google Cloud BigQuery is our legitimate interest pursuant to Art. 6(1)(f) GDPR in structured and secure data storage and analysis. More information about Google Cloud BigQuery can be found at: https://cloud.google.com/bigquery/docs/introduction?hl=de.

4. Google Cloud GeminiGoogle Cloud Gemini is a service from Google, operated by Google Cloud EMEA Limited, 70 Sir John Rogerson's Quay, Dublin 2, D02 R296, Ireland, which enables us to check the content of chat messages for abuse and fraud (content moderation) and to offer a support chatbot that can help you with questions and problems with the app's functions. The legal basis for data processing within the scope of Google Cloud Gemini is our legitimate interest pursuant to Art. 6(1)(f) GDPR in the prevention of abuse and fraud on our platform and the protection of our users. More information about Google Cloud Gemini can be found at: https://cloud.google.com/ai/gemini?hl=de.

5. AppsflyerThe service of Appsflyer Ltd., located at Maskit 14, Herzliya, Israel, helps us to measure, optimize, and protect marketing measures. The legal basis for data processing within the scope of Appsflyer is your consent pursuant to Art. 6(1)(a) GDPR, and for access to device information, § 25(1) TDDDG. More information about Appsflyer can be found at: https://www.appsflyer.com.

6. ZendeskZendesk is a customer service platform from the provider Zendesk Inc., 989 Market St, San Francisco, CA 94103, USA. The use of Zendesk helps us to handle customer service inquiries more effectively. The legal basis for data processing within the scope of Zendesk is Art. 6(1)(f) GDPR. It is in our legitimate interests to use specialized software for the efficient processing of customer service inquiries and thus to be able to answer you as quickly and precisely as possible. More information on data processing when using Zendesk can be found at https://www.zendesk.de/trust-center/#privacy.

6. Your Rights

Here is the translation of the provided text:

6. Your Rights

As a person affected by the processing of personal data (a "data subject"), with regard to both the app(s) you use and our website, you have the following rights against us as the controller:

• Right of access, which is the right to request confirmation from us as to whether we are processing your personal data, and if so, to request further information, particularly about the purposes of the processing, categories of personal data, recipients or categories of recipients, and the storage period.
• Right to rectification, which is the right to have us immediately correct or complete any data we have stored about you that is inaccurate or incomplete.
• Right to restriction of processing, which is the right to request, under certain conditions, that we restrict the processing of your personal data, for instance, during an ongoing review of the accuracy of that data.
• Right to erasure, which is the right to request that we immediately delete your personal data in certain situations, for example, if we have processed your data unlawfully, the purpose for the data processing no longer exists, or you have withdrawn your consent for the processing, provided that the data processing cannot be based on other legal grounds in this case.
• Right to notification, which is the right that we, unless impossible or involving disproportionate effort, communicate any rectification, erasure, or restriction of processing to all recipients to whom we have disclosed your personal data.
• Right to data portability, which is the right, under certain conditions, to receive the data you have provided to us in a structured, commonly used, and machine-readable format, as well as the right to have this data transmitted to another controller.
• Right to object, which is the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data that is based on a legitimate interest of the controller or the performance of a task carried out in the public interest by the controller.
• Right to withdraw consent, which is the right to withdraw your consent at any time with future effect. The withdrawal of consent does not retroactively affect the lawfulness of the processing.
• Right to lodge a complaint, which is the right to lodge a complaint with a supervisory authority, without prejudice to any other legal remedies, regarding the processing of your personal data that you believe infringes the GDPR. This right can be exercised, in particular, in the Member State of your place of residence, your place of work, or the place of the alleged infringement.

You can assert these rights against us by, for example, using the contact options listed at the beginning.

If you have further questions about the contents of this privacy policy, our handling of your data, or any other data protection topics related to our products, we are of course also available to you there.

‍