Privacy
Notice for Lounge App
A. Foreword
We, the company Crossoak
GmbH as operator of the Lounge App (hereinafter called: “we” or “us”) take the
protection of your personal data seriously and would like to inform you at this
point about data protection in our company.
We bear our responsibility under data
protection law in compliance with the EU General Data Protection Regulation
(Regulation (EU) 2016/679; hereinafter: “GDPR”) to ensure the protection of
personal data of the data subject (hereinafter also called “you” or “the Data
Subject”).
Insofar as we decide either alone or
jointly with others on the data processing purposes and means, this shall
include above all the obligation to inform you transparently about the nature,
scope, purpose, duration and legal basis of the processing (cf. Art. 13 and
Art. 14 GDPR). With this declaration (hereinafter called: “Data Protection
Information”) we inform you about the manner in which your personal data is
processed by us.
I. Name and contact details of the Data Controller as well
as of the company Data Protection Officer
This data protection information
applies to data processing by
The
Data Controller
Crossoak
GmbH, Deilinger Str. 45, 78564 Wehingen,
represented by the Managing Directors Kristijan Dragicevic, Christian Kast, Mario Wolf, e-mail:
datenschutz@lounge-app.eu.
If you have any questions or comments
about the collection and processing of your personal data, please contact the
aforementioned individuals.
II. Collection, processing and saving of personal data as
well as the nature and purpose of its use
1.
The collection of personal data relating to you
When the App is used, we collect
personal data about you. However, the App is programmed to process as little
personal data as possible.
2. Downloading the App
When downloading this App, certain
personal data required for this purpose shall be transmitted to the
corresponding app store (e.g. Apple App Store or
Google Play Store).
In particular, the e-mail address, the user name, the customer number of the downloading account,
the individual device identification number, payment information and the time of
the download shall be transmitted to the respective app store during the
download.
We have no influence over the
collection and processing of this data, which is carried out exclusively by the
respective app store you have selected. This correspondingly means we are not
responsible for this collection and processing; responsibility for this lies
solely with the respective app store.
Personal data is processed exclusively
for the purpose of fulfilling the contract with you and for the implementation
of pre-contractual measures that are performed at your request. The legal basis
for this is Art. 6 Para. 1 Sentence 1 lit. b GDPR.
3. Use of the App
a)
Access data
It goes without saying that we can only
provide you with the benefits of our App if we collect certain personal data
about you that is necessary for the operation of the App when you use it.
We collect the following so-called
access data when you use our App:
·
network dial-up,
·
App settings as well as App
characteristics,
·
the date of the retrieval,
·
time zone,
·
the amount of data transferred and
the message of whether the data exchange was complete,
·
App crashes,
·
operating system.
This
access data is processed in order to enable, improve and secure the technical
operation of the App. You will not be personally identified as a user of the
App and no usage profile will be created. We process this data to fulfil the
Agreement between you and us (Art. 6 Para. 1 lit. b GDPR).
b)
Registration
You are required to register in order
to use our App. You must provide the following data for registration:
-
e-mail address,
-
profile photo, if desired.
The data processing is carried out for
the purpose of fulfilling the Agreement with you (Art. 6 Para. 1 Sentence 1
lit. b GDPR).
c)
Encounter data
As soon as you activate the Bluetooth
function in our App, your smartphone sends out so-called encounter data via
Bluetooth, which is received by the smartphones of other users of our App in
your vicinity. In the case of the Android operating system, it is a technical
requirement of Android that the location is simultaneously activated with
Bluetooth. There is nothing we can do about this at the technical level. The
location data will not be transmitted to us or used in any other way by us.
This data is processed for the purpose
of fulfilling the Agreement with you (Art. 6 Para. 1 Sentence 1 lit. b GDPR).
d)
Creation of the profile
To create the profile, you must provide
the following personal data:
·
a username chosen by the User in
person,
·
date of birth (month/year)
·
language skills,
·
place of residence (country)
·
gender,
·
height,
·
looking for chats and meeting new
people, dating, relationship,
·
profile photo (if desired),
·
interests: choice of at least three
interests from different categories,
·
matching criteria: the criteria for the
match (age, gender, height, background).
The collected data will be stored on
the smartphone of the User. This will not be forwarded by us to any server.
Data processing is performed to fulfil the Agreement with you pursuant to Art.
6 Para. 1 Sentence 1 lit. b GDPR.
If special categories of personal data
(e.g. health data, sexual orientation) are processed,
this is done exclusively on the basis of your consent pursuant to Art. 9 Para.
1 lit. a GDPR. You may revoke the consent at any time.
e)
Mobile data
If another user is found via Bluetooth,
the following data is then recorded via the mobile data and transmitted to the
end device of the other user:
·
User-ID search criteria
(“relationship”, “dating”, “chat” or “meeting new people”),
·
matching criteria,
·
selected interests.
The data is compared with the data on
the smartphone of the other user. From this, a “score” with a percentage is
determined, showing how well the users match. In the
event of a match, this score is sent back to the first user, along with the
username and profile picture.
This data is processed for the purpose
of fulfilling the Agreement with you (Art. 6 Para. 1 Sentence 1 lit. b GDPR).
If special categories of personal data
(e.g. health data, sexual orientation) are processed,
this is done exclusively on the basis of your consent pursuant to Art. 9 Para.
1 lit. a GDPR. You may revoke the consent at any time.
4. Saving
We delete your personal data as soon as
it is no longer necessary for the purposes for which we processed it. As a
rule, we store your personal data for the duration of the usage or contractual
relationship via the App. Your data is stored on our servers, which are located
in the European Union.
However, storage may take place beyond
the specified period in the event of a (threatened) legal dispute with you or
other legal proceedings.
Legal requirements for the storage and
deletion of personal data remain unaffected by the above (e.g.
§ 257 HGB or § 147 AO). If the storage period prescribed by legal regulations
expires, the personal data will be blocked or deleted unless further storage by
us is necessary and there is a legal basis for this.
III. Data security
We use appropriate technical and
organisational security measures to protect your data against accidental or
intentional manipulation, partial or complete loss, destruction or against
unauthorised access by third parties, taking into account the state of the art,
implementation costs and the nature, scope, context and purpose of the
processing, as well as the existing risks of a data breach (including its
probability and impact) for the Data Subject. Our security measures are
improved on an ongoing basis in accordance with technological developments. We
shall be happy to provide you with additional information upon request.
IV. No automated decision-making (including profiling)
We do not intend to use any personal
data collected from you for any automated decision-making process (including
profiling). However, we reserve the right to anonymously record user behaviour
statistically, e.g. the number of users. However, this
does not enable any conclusions to be drawn about the identity of a user. Such
statistics are used to optimise our App. The legal basis for this is Art. 6
Para. 1 Sentence 1 lit. f GDPR.
V. Transfer to third parties and data processing by
third parties
1. Transfer to third parties
Your personal data shall not be
transferred to any third party for reasons other than those specified above. We
transfer your personal data to third parties only if
·
you have expressly given us your
consent to do this pursuant to Art. 6 Para. 1 Sentence 1 lit. a GDPR,
·
the disclosure is necessary in accordance
with Art. 6 Para. 1 Sentence 1 lit. f GDPR to protect our legitimate interests
or those of a third party, unless your interests or fundamental rights and
freedoms or those of another data subject requiring the protection of personal
data override these,
·
if there is a statutory obligation to
transfer this data pursuant to Art. 6 Para. 1 Sentence 1 lit. c GDPR, as well
as
·
if this is permitted by law and is
required pursuant to Art. 6 Para. 1 Sentence 1 lit. b GDPR to settle
contractual relationships with you or to perform pre-contractual measures.
2. Processing of order data
It may be the case that commissioned
service providers are used to perform individual functions of our App. Like all
major companies, we also use external domestic and foreign service providers to
handle certain business transactions (e.g. for IT,
logistics, telecommunications, sales and marketing). They act only on our
instructions and have been contractually obligated to comply with the data
protection provisions within the meaning of Art. 28 GDPR.
The following categories of recipients,
which are usually processors, may have access to your personal data:
·
Service providers for the operation
of our App and the processing of data stored or transmitted by the systems (e.g. for data centre services, payment processing, IT
security). The legal basis for the forwarding is then Art. 6 Para. 1 Sentence 1
lit. b or lit. f GDPR, insofar as this does not relate to processors;
·
Government agencies/authorities,
insofar as this is necessary to fulfil a legal obligation. The legal basis for
the forwarding is then Art. 6 Para. 1 Sentence 1 lit. c GDPR;
·
Persons employed to carry out our
business operations (e.g. auditors, banks, insurance
companies, legal advisors, regulatory authorities, parties involved in
corporate acquisitions or the establishment of joint ventures). The legal basis
for the forwarding is then Art. 6 Para. 1 Sentence 1 lit. b or lit. f GDPR.
In addition, we shall only pass on your
personal data to third parties if you have given your express consent to this
in accordance with Art. 6 Para. 1 Sentence 1 lit. a GDPR.
VI. Rights
of the data subject
You have the right
·
pursuant to Art. 15 GDPR to demand
information from us about the personal data we process relating to you. In
particular, you may demand information about the purposes of the processing,
the category of the personal data that is being processed, the categories of
the recipients to whom your data has been or will be disclosed, the planned
retention period, the existence of a right to correction, erasure, limited
processing or objection, the existence of a right to complain, the origin of
your data, insofar as this were not gathered by us, as well as the existence of
an automated decision-making procedure including profiling, and if necessary
significant information about the relevant details.
·
pursuant to Art 16 GDPR, to demand the
correction of your incorrect data saved by us or the completion of incomplete
data without delay;
·
pursuant to Art 17 GDPR, to demand that
the erasure of your personal data saved by us, insofar as the processing is not
required to exercise the right to free speech and information, to fulfil a
legal obligation, for reasons of public interest or to assert, exercise or
defend legal claims;
·
pursuant to Art. 18 GDPR, to demand the
limited processing of your personal data insofar as you contest the accuracy of
the data, the processing is unlawful, although you reject the erasure thereof
and we no longer require the data, while you require this to assert, to
exercise or to defend against legal claims or have objected to the processing
pursuant to Art. 21 GDPR;
·
pursuant to Art 20 GDPR, to demand that
the personal data you made available to the us be returned to you in a
structured, accessible and machine-readable format, or to demand the transfer
thereof to another data controller;
·
pursuant to Art. 7 Para. 3 GDPR, to
revoke at any time the consent you originally gave us. This will mean that in
future we are not able to continue the processing that was based on this
consent; and
·
pursuant to Art. 77 GDPR file a complaint
before a supervisory authority. As a rule, you may contact the supervisory
authority of your normal place of residence or place of work or the domicile of
our company.
VII. Right to object
Insofar as your personal data is
processed on the basis of legitimate interests pursuant to Art 6 Para 1
Sentence 1 lit f GDPR, you have the right pursuant to Art 21 GDPR to object to
the processing of your personal data, provided there are reasons for this
arising out of your particular situation or if the objection concerns direct
marketing. In the latter case, you have a general right to object, which will
be implemented by us without your need to specify a particular situation.
If you wish to make use of your right
to revoke or object, simply send an e-mail to info@lounge-app.eu.
VIII. Topicality and amendment of this Privacy Notice
This Privacy Notice is currently valid
and its version is November 2021.
Due to the continued development of our
App and associated services, or on the grounds of amended statutory or official
provisions, it may be necessary to amend this Privacy Notice.