Privacy Notice for Lounge App


A. Foreword

We, the company Crossoak GmbH as operator of the Lounge App (hereinafter called: “we” or “us”) take the protection of your personal data seriously and would like to inform you at this point about data protection in our company.


We bear our responsibility under data protection law in compliance with the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter: “GDPR”) to ensure the protection of personal data of the data subject (hereinafter also called “you” or “the Data Subject”).


Insofar as we decide either alone or jointly with others on the data processing purposes and means, this shall include above all the obligation to inform you transparently about the nature, scope, purpose, duration and legal basis of the processing (cf. Art. 13 and Art. 14 GDPR). With this declaration (hereinafter called: “Data Protection Information”) we inform you about the manner in which your personal data is processed by us.


I. Name and contact details of the Data Controller as well as of the company Data Protection Officer


This data protection information applies to data processing by


The Data Controller

Crossoak GmbH, Deilinger Str. 45, 78564 Wehingen, represented by the Managing Directors Kristijan Dragicevic, Christian Kast, Mario Wolf, e-mail:


If you have any questions or comments about the collection and processing of your personal data, please contact the aforementioned individuals.


II. Collection, processing and saving of personal data as well as the nature and purpose of its use


1. The collection of personal data relating to you

When the App is used, we collect personal data about you. However, the App is programmed to process as little personal data as possible.


2. Downloading the App


When downloading this App, certain personal data required for this purpose shall be transmitted to the corresponding app store (e.g. Apple App Store or Google Play Store).


In particular, the e-mail address, the user name, the customer number of the downloading account, the individual device identification number, payment information and the time of the download shall be transmitted to the respective app store during the download.


We have no influence over the collection and processing of this data, which is carried out exclusively by the respective app store you have selected. This correspondingly means we are not responsible for this collection and processing; responsibility for this lies solely with the respective app store.


Personal data is processed exclusively for the purpose of fulfilling the contract with you and for the implementation of pre-contractual measures that are performed at your request. The legal basis for this is Art. 6 Para. 1 Sentence 1 lit. b GDPR.


3. Use of the App


a) Access data

It goes without saying that we can only provide you with the benefits of our App if we collect certain personal data about you that is necessary for the operation of the App when you use it.


We collect the following so-called access data when you use our App:


·    network dial-up,

·    App settings as well as App characteristics,

·    the date of the retrieval,

·    time zone,

·    the amount of data transferred and the message of whether the data exchange was complete,

·    App crashes,

·    operating system.


This access data is processed in order to enable, improve and secure the technical operation of the App. You will not be personally identified as a user of the App and no usage profile will be created. We process this data to fulfil the Agreement between you and us (Art. 6 Para. 1 lit. b GDPR).


b) Registration

You are required to register in order to use our App. You must provide the following data for registration:


-          e-mail address,

-          profile photo, if desired.


The data processing is carried out for the purpose of fulfilling the Agreement with you (Art. 6 Para. 1 Sentence 1 lit. b GDPR).


c) Encounter data

As soon as you activate the Bluetooth function in our App, your smartphone sends out so-called encounter data via Bluetooth, which is received by the smartphones of other users of our App in your vicinity. In the case of the Android operating system, it is a technical requirement of Android that the location is simultaneously activated with Bluetooth. There is nothing we can do about this at the technical level. The location data will not be transmitted to us or used in any other way by us.


This data is processed for the purpose of fulfilling the Agreement with you (Art. 6 Para. 1 Sentence 1 lit. b GDPR).


d) Creation of the profile

To create the profile, you must provide the following personal data:


·         a username chosen by the User in person,

·         date of birth (month/year)

·         language skills,

·         place of residence (country)

·         gender,

·         height,

·         looking for chats and meeting new people, dating, relationship,

·         profile photo (if desired),

·         interests: choice of at least three interests from different categories,

·         matching criteria: the criteria for the match (age, gender, height, background).


The collected data will be stored on the smartphone of the User. This will not be forwarded by us to any server. Data processing is performed to fulfil the Agreement with you pursuant to Art. 6 Para. 1 Sentence 1 lit. b GDPR.


If special categories of personal data (e.g. health data, sexual orientation) are processed, this is done exclusively on the basis of your consent pursuant to Art. 9 Para. 1 lit. a GDPR. You may revoke the consent at any time.


e) Mobile data

If another user is found via Bluetooth, the following data is then recorded via the mobile data and transmitted to the end device of the other user: 

·         User-ID search criteria (“relationship”, “dating”, “chat” or “meeting new people”),

·         matching criteria,

·         selected interests.


The data is compared with the data on the smartphone of the other user. From this, a “score” with a percentage is determined, showing how well the users match. In the event of a match, this score is sent back to the first user, along with the username and profile picture.


This data is processed for the purpose of fulfilling the Agreement with you (Art. 6 Para. 1 Sentence 1 lit. b GDPR).


If special categories of personal data (e.g. health data, sexual orientation) are processed, this is done exclusively on the basis of your consent pursuant to Art. 9 Para. 1 lit. a GDPR. You may revoke the consent at any time.


4. Saving


We delete your personal data as soon as it is no longer necessary for the purposes for which we processed it. As a rule, we store your personal data for the duration of the usage or contractual relationship via the App. Your data is stored on our servers, which are located in the European Union.


However, storage may take place beyond the specified period in the event of a (threatened) legal dispute with you or other legal proceedings.


Legal requirements for the storage and deletion of personal data remain unaffected by the above (e.g. § 257 HGB or § 147 AO). If the storage period prescribed by legal regulations expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this.


III. Data security


We use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties, taking into account the state of the art, implementation costs and the nature, scope, context and purpose of the processing, as well as the existing risks of a data breach (including its probability and impact) for the Data Subject. Our security measures are improved on an ongoing basis in accordance with technological developments. We shall be happy to provide you with additional information upon request.


IV. No automated decision-making (including profiling)


We do not intend to use any personal data collected from you for any automated decision-making process (including profiling). However, we reserve the right to anonymously record user behaviour statistically, e.g. the number of users. However, this does not enable any conclusions to be drawn about the identity of a user. Such statistics are used to optimise our App. The legal basis for this is Art. 6 Para. 1 Sentence 1 lit. f GDPR.


V. Transfer to third parties and data processing by third parties


1. Transfer to third parties

Your personal data shall not be transferred to any third party for reasons other than those specified above. We transfer your personal data to third parties only if


·         you have expressly given us your consent to do this pursuant to Art. 6 Para. 1 Sentence 1 lit. a GDPR,

·         the disclosure is necessary in accordance with Art. 6 Para. 1 Sentence 1 lit. f GDPR to protect our legitimate interests or those of a third party, unless your interests or fundamental rights and freedoms or those of another data subject requiring the protection of personal data override these,

·         if there is a statutory obligation to transfer this data pursuant to Art. 6 Para. 1 Sentence 1 lit. c GDPR, as well as

·         if this is permitted by law and is required pursuant to Art. 6 Para. 1 Sentence 1 lit. b GDPR to settle contractual relationships with you or to perform pre-contractual measures.


2. Processing of order data 

It may be the case that commissioned service providers are used to perform individual functions of our App. Like all major companies, we also use external domestic and foreign service providers to handle certain business transactions (e.g. for IT, logistics, telecommunications, sales and marketing). They act only on our instructions and have been contractually obligated to comply with the data protection provisions within the meaning of Art. 28 GDPR. 


The following categories of recipients, which are usually processors, may have access to your personal data:


·         Service providers for the operation of our App and the processing of data stored or transmitted by the systems (e.g. for data centre services, payment processing, IT security). The legal basis for the forwarding is then Art. 6 Para. 1 Sentence 1 lit. b or lit. f GDPR, insofar as this does not relate to processors;

·         Government agencies/authorities, insofar as this is necessary to fulfil a legal obligation. The legal basis for the forwarding is then Art. 6 Para. 1 Sentence 1 lit. c GDPR;

·         Persons employed to carry out our business operations (e.g. auditors, banks, insurance companies, legal advisors, regulatory authorities, parties involved in corporate acquisitions or the establishment of joint ventures). The legal basis for the forwarding is then Art. 6 Para. 1 Sentence 1 lit. b or lit. f GDPR.


In addition, we shall only pass on your personal data to third parties if you have given your express consent to this in accordance with Art. 6 Para. 1 Sentence 1 lit. a GDPR.


VI. Rights of the data subject

You have the right


·         pursuant to Art. 15 GDPR to demand information from us about the personal data we process relating to you. In particular, you may demand information about the purposes of the processing, the category of the personal data that is being processed, the categories of the recipients to whom your data has been or will be disclosed, the planned retention period, the existence of a right to correction, erasure, limited processing or objection, the existence of a right to complain, the origin of your data, insofar as this were not gathered by us, as well as the existence of an automated decision-making procedure including profiling, and if necessary significant information about the relevant details.

·         pursuant to Art 16 GDPR, to demand the correction of your incorrect data saved by us or the completion of incomplete data without delay;

·         pursuant to Art 17 GDPR, to demand that the erasure of your personal data saved by us, insofar as the processing is not required to exercise the right to free speech and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;

·         pursuant to Art. 18 GDPR, to demand the limited processing of your personal data insofar as you contest the accuracy of the data, the processing is unlawful, although you reject the erasure thereof and we no longer require the data, while you require this to assert, to exercise or to defend against legal claims or have objected to the processing pursuant to Art. 21 GDPR;

·         pursuant to Art 20 GDPR, to demand that the personal data you made available to the us be returned to you in a structured, accessible and machine-readable format, or to demand the transfer thereof to another data controller;

·         pursuant to Art. 7 Para. 3 GDPR, to revoke at any time the consent you originally gave us. This will mean that in future we are not able to continue the processing that was based on this consent; and

·         pursuant to Art. 77 GDPR file a complaint before a supervisory authority. As a rule, you may contact the supervisory authority of your normal place of residence or place of work or the domicile of our company.


VII. Right to object

Insofar as your personal data is processed on the basis of legitimate interests pursuant to Art 6 Para 1 Sentence 1 lit f GDPR, you have the right pursuant to Art 21 GDPR to object to the processing of your personal data, provided there are reasons for this arising out of your particular situation or if the objection concerns direct marketing. In the latter case, you have a general right to object, which will be implemented by us without your need to specify a particular situation.


If you wish to make use of your right to revoke or object, simply send an e-mail to


VIII. Topicality and amendment of this Privacy Notice

This Privacy Notice is currently valid and its version is November 2021.


Due to the continued development of our App and associated services, or on the grounds of amended statutory or official provisions, it may be necessary to amend this Privacy Notice.