Privacy Policy

Last Updated: August, 2025

1) Information on the Collection of Personal Data and Contact Details of the Controller

1.1 We are pleased that you are using our Vibest application (hereinafter referred to as the “App”). In the following, we inform you about the handling of your personal data when using our App. Personal data refers to all data that can be used to personally identify you.

1.2 The controller responsible for data processing in connection with this App within the meaning of the General Data Protection Regulation (GDPR) is Vibest UG (haftungsbeschränkt), Kurt-Schumacher-Straße 1, 60311 Frankfurt am Main, Germany, Tel.: +49 1575 8218999, Email: vibestapp@gmail.com.
Vibest UG (haftungsbeschränkt) determines the purposes and means of processing personal data in the context of the provision and use of this App.

2) Use of Single Sign-On Procedures

2.1 Google Sign-In
In our App, we offer a single sign-on function provided by the following provider:
Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
In addition to the transmission of data to the provider’s location mentioned above, data may also be transferred to: Google LLC, USA.

If you have an account with the provider, you can use those account credentials to register or create a user account on our website.

When you access this site, a direct connection may be established between your browser and the provider’s servers via the sign-in function—even if you do not have an account with the provider or are not logged in to one. Through this connection, the provider receives information that you have visited our site. The information collected in this context (potentially including your IP address) is transmitted directly from your browser to a server of the provider and stored there. However, this information is not used to personally identify you and is not shared with third parties.

These data processing operations are carried out pursuant to Art. 6(1)(f) GDPR, based on our legitimate interest in providing a user-friendly and interactive online presence.

If you click the login button to register on our website using your account with the provider, the provider will—based solely on your explicit consent pursuant to Art. 6(1)(a) GDPR—transmit to us the general and publicly accessible information stored in your account (user ID, name, address, email address, age, and gender).

We store and use the data transmitted by the provider for the purpose of setting up a user account with the necessary details (salutation, first name, last name, address, country, email address, date of birth), provided that you have made these available to the provider. Conversely, based on your consent, data (e.g., information about your browsing or purchasing behavior) may be transferred from us to your account with the provider.

You may revoke your consent at any time with future effect by contacting us.

For data transfers to the USA, the provider participates in the EU-U.S. Data Privacy Framework, which, based on an adequacy decision of the European Commission, ensures compliance with the European level of data protection.

Further information on Google’s privacy policies can be found here:
https://business.safety.google/intl/de/privacy/

2.2 Facebook Connect
On our website, we offer a single sign-on function provided by the following provider:
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
In addition to the transmission of data to the provider’s location mentioned above, data may also be transferred to: Meta Platforms Inc., USA.

If you have an account with the provider, you can use your account credentials to register or create a user account on our website.

When you visit our site, a direct connection between your browser and the provider’s servers may be established via the login function—even if you do not have an account with the provider or are not logged into such an account. Through this connection, the provider receives the information that you have visited our site. The information collected in this context (potentially including your IP address) is transmitted directly from your browser to a server of the provider and stored there. However, this information is not used to personally identify you and is not shared with third parties.

These data processing operations are carried out pursuant to Art. 6(1)(f) GDPR, based on our legitimate interest in providing a user-friendly and interactive online experience.

If you click the login button to register on our website using your provider account, the provider will—based solely on your explicit consent pursuant to Art. 6(1)(a) GDPR—transmit to us the general and publicly accessible information stored in your account (user ID, name, address, email address, age, and gender).

You may revoke your consent at any time with future effect by notifying us.

3) Log Files When Using Our Mobile App

When you download our mobile app from an app store, the required information is transmitted to the app store—this typically includes your username, email address, customer account number, time of download, payment information, and the unique device identifier. We have no influence over this data collection and are not responsible for it. We process this data only to the extent necessary for downloading the mobile app onto your mobile device.

When using our mobile app, we collect the following personal data to ensure convenient use of its features. If you wish to use our mobile app, we collect the following data, which is technically necessary to provide the app’s functions and to ensure its stability and security:

Date and time of the request
Time zone difference from Greenwich Mean Time (GMT)
Content of the request
Access status / HTTP status code
Amount of data transferred in bytes
Referring source or page from which you accessed the site
Browser used
Language and version of the browser software
Operating system and its interface
IP address used (potentially in anonymized form)

The processing of this data is carried out pursuant to Art. 6(1)(f) GDPR, based on our legitimate interest in improving the stability and functionality of our app. This data is not passed on or used for any other purpose. However, we reserve the right to retrospectively review the aforementioned log files if there are concrete indications of unlawful use.

In addition, we require the following identifiers from your mobile device:

Your device’s unique number (IMEI – International Mobile Equipment Identity)
Your subscriber’s unique number (IMSI – International Mobile Subscriber Identity)
Your mobile number (MSISDN)
If applicable, the MAC address for WLAN use
The name of your mobile device

4) Hosting & Content Delivery Network

Firebase Cloud Storage
We use the web hosting service Firebase Cloud Storage, provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), for the purpose of hosting and displaying the content of the app, based on data processing carried out on our behalf.

All data collected within the app is processed on Google’s servers.

As part of the services mentioned above, data may also be transmitted to servers of Google LLC, USA as part of further processing on our behalf.
We have concluded a data processing agreement (DPA) with Google for the use of Firebase, in which Google commits to protecting the data of our app users and not disclosing it to third parties.

For data transfers to the USA, the provider participates in the EU-U.S. Data Privacy Framework, which, on the basis of an adequacy decision by the European Commission, ensures compliance with the European level of data protection.
Further information on Google’s data protection practices in connection with Firebase can be found at the following URL: https://firebase.google.com/support/privacy

Any further processing on servers other than those specified above will only take place within the scope described below.

5) Cookies

To make our app more attractive and to enable the use of certain functions, we use so-called cookies. These are small text files that are stored on your device. Some of the cookies we use are deleted after you close the app (so-called session cookies). Other cookies remain on your device and allow us to recognize you again (persistent cookies).

When cookies are set, they collect and process specific user information such as browser and location data as well as IP address values, depending on the individual scope of the cookie. Persistent cookies are automatically deleted after a defined period, which may vary depending on the cookie.

In some cases, cookies are used to simplify the operation of the app by storing settings. If personal data is also processed by individual cookies used by us, such processing is carried out:

pursuant to Art. 6(1)(b) GDPR for the performance of a contract,
pursuant to Art. 6(1)(a) GDPR based on your consent (if granted), or
pursuant to Art. 6(1)(f) GDPR for the protection of our legitimate interests in ensuring the optimal functionality of the app and a user-friendly and efficient design of the app experience.

You can configure the settings of your mobile operating system and the app according to your preferences—for example, to reject third-party cookies or all cookies. However, please note that in this case, you may not be able to use all functions of our mobile app.

6) Use of Your Address Book, Calendar, Photos, and Reminders

At the start of using our mobile app, we will ask for your permission—via a pop-up—to access your address book and/or calendar and/or photos and/or reminders. If you do not grant permission, we will not access or use this data. However, please note that in such cases, you may not be able to use all functions of our app. You may grant or revoke your consent at any time later via your device’s operating system settings.

If you allow access to this data, the mobile app will access and transmit it to our servers only to the extent necessary to provide the corresponding functionality. Your data will be treated confidentially and will be deleted once you revoke your consent, the data is no longer required for the provision of the service, and there are no legal retention obligations.

The legal basis for this processing is Art. 6(1)(f) GDPR, based on our legitimate interest in providing the functionalities of the app.

7) Collection of Location Data

Our services include so-called location-based services, which allow us to offer you specific features tailored to your current location. Your location data is only transmitted to us when you use app functions that require knowledge of your location in order to be provided. This functionality uses your location data via GPS and your IP address in anonymized form to deliver the service.

For purposes of advertising, market research, and the demand-oriented design of our offering, we create usage profiles using pseudonyms. These data are not merged with other personal data.

You may object to the creation of such profiles at any time with future effect via the settings in the app. Alternatively, you may submit your objection by email to the address listed in the legal notice (Impressum).

8) Contacting Us

When you contact us (e.g., via contact form or email), personal data will be collected. The specific data collected when using a contact form can be seen from the respective form within the app.

These data are stored and used exclusively for the purpose of responding to your inquiry and for the technical administration associated with that communication. The legal basis for processing this data is our legitimate interest in responding to your inquiry in accordance with Art. 6(1)(f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR.

Your data will be deleted once your inquiry has been fully resolved, provided there are no statutory retention obligations that require otherwise. This is the case when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

9) Data Processing When Creating a Customer Account

In accordance with Art. 6(1)(b) GDPR, we process personal data when you provide it to us in the context of using our dating app, either for the performance of pre-contractual measures or for the fulfillment of a contractual relationship — in particular, for the creation and management of a user profile. The specific data collected is determined by the input fields provided within the app.

Use of our app generally requires the creation of a personal user account. The data provided in this process (e.g., name, age, gender, location, interests, profile pictures, communication history) is processed to enable the app’s core functionality — in particular, partner suggestions, matching algorithms, and communication features.

You may delete your user account at any time via the dedicated function provided within the app.

Once the user relationship has ended and/or the account has been deleted, your personal data will generally be erased unless legal obligations (e.g., tax or commercial retention obligations under § 147 AO, § 257 HGB) require continued storage. In such cases, the relevant data will be blocked and deleted automatically after the applicable retention periods have expired.

If you have granted us explicit consent for further use of your data (e.g., for newsletters or product information), the processing will be based on Art. 6(1)(a) GDPR. You may withdraw your consent at any time with future effect.

10) Data Processing for Contract Fulfillment

-Apple Pay

If you choose the payment method “Apple Pay” provided by Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment will be processed via the “Apple Pay” function of your device operated with iOS, watchOS, or macOS by charging a payment card stored in “Apple Pay.” Apple Pay uses security features built into the hardware and software of your device to protect your transactions. To authorize a payment, you are required to enter a code set by you beforehand and verify your identity using your device’s Face ID or Touch ID functionality.

For the purpose of payment processing, the information you provided during the ordering process, along with information about your order, will be transmitted to Apple in encrypted form. Apple then re-encrypts this data with a developer-specific key before forwarding it to the payment service provider of the payment card stored in Apple Pay to carry out the transaction. This encryption ensures that only the website where the purchase was made can access the payment information. After the payment is completed, Apple sends the website a device account number and a transaction-specific dynamic security code to confirm the success of the payment.

Where personal data is processed during these transmissions, such processing is carried out exclusively for the purpose of payment handling pursuant to Art. 6(1)(b) GDPR.

Apple retains anonymized transaction data, such as the approximate purchase amount, the approximate date and time, and whether the transaction was successfully completed. The anonymization fully excludes any personal reference. Apple uses the anonymized data to improve Apple Pay and other Apple products and services.

If you use Apple Pay on your iPhone or Apple Watch to complete a purchase you initiated via Safari on your Mac, your Mac and the authorization device communicate via an encrypted channel on Apple’s servers. Apple does not process or store any of this information in a format that would identify you personally. You can disable the option to use Apple Pay on your Mac in the settings of your iPhone. Go to “Wallet & Apple Pay” and deactivate “Allow Payments on Mac.”

Further information about data protection in connection with Apple Pay is available at:
https://support.apple.com/de-de/HT203027

– giropay

One or more online payment methods provided by the following service provider are available within this app:
paydirekt GmbH, Stephanstr. 14–16, 60313 Frankfurt am Main, Germany.

If you select a payment method from this provider that requires advance payment (such as credit card payment), your payment details provided during the ordering process (including name, address, bank and card information, currency, and transaction number), as well as information regarding the contents of your order, will be transferred to the provider in accordance with Art. 6(1)(b) GDPR.

The data is transferred solely for the purpose of processing the payment with the provider and only to the extent necessary for that purpose.

– Google Pay

If you choose the payment method “Google Pay” offered by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), the payment will be processed through the Google Pay app on your mobile device running at least Android 4.4 (“KitKat”) and equipped with NFC functionality. The transaction is carried out by charging a payment card stored in Google Pay or a verified payment system linked to it (e.g., PayPal).

For payments exceeding €25, your mobile device must be unlocked using the verification method you have set up (e.g., face recognition, password, fingerprint, or pattern) before authorization via Google Pay can be completed.

To process the payment, the information you provide during the checkout process along with order details will be transmitted to Google. Google then forwards your stored payment information to the merchant in the form of a one-time transaction number. This transaction number does not contain any real payment data associated with your stored payment method but is generated and transmitted as a unique numeric token. In all Google Pay transactions, Google acts solely as an intermediary to facilitate the payment process. The actual transaction is executed exclusively between the user and the original website by debiting the payment method stored in Google Pay.

If personal data is processed during the above-described transmission, it is done exclusively for payment processing purposes pursuant to Art. 6(1)(b) GDPR.

Google reserves the right to collect, store, and evaluate certain transaction-specific information for each Google Pay transaction. This may include:

Date, time, and amount of the transaction
Merchant location and description
Item descriptions provided by the merchant
Photos you attach to the transaction
Names and email addresses of both seller and buyer (or sender and recipient)
Payment method used
Any user-supplied description of the reason for the transaction
Any applicable offer linked to the transaction

According to Google, this processing is carried out exclusively on the basis of Art. 6(1)(f) GDPR, in Google’s legitimate interest in proper accounting, verification of transaction data, and optimization and maintenance of the Google Pay service.

Google may also combine the processed transaction data with other information collected and stored from your use of other Google services.

You can find the terms of use for Google Pay at:
https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de

Further information on Google Pay’s privacy practices is available at:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de

– PayPal

One or more online payment methods from the following provider are available on this website:
PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

If you select a payment method from this provider that requires you to make an advance payment, your payment data provided during the ordering process (including name, address, bank and card information, currency, and transaction number), as well as information about the contents of your order, will be transferred to the provider in accordance with Art. 6(1)(b) GDPR. The transfer of your data occurs exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

If you choose a payment method for which we provide advance payment (e.g., invoice or installment purchase), you will also be asked during the order process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, and if applicable, data about an alternative payment method).

To protect our legitimate interest in verifying your creditworthiness, these data will be transmitted by us to the provider for the purpose of a credit check in accordance with Art. 6(1)(f) GDPR. The provider checks, based on the personal data you provide and additional data (such as shopping cart contents, invoice amount, order history, payment experience), whether the selected payment option can be granted in view of risks of payment default and/or non-fulfillment of claims.

The credit check may include probability values (so-called score values). To the extent that score values influence the result of the credit check, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, among other data but not exclusively, address data.

You can object to this processing of your data at any time by sending a message to us or directly to the provider. However, the provider may remain entitled to process your personal data insofar as this is necessary for proper payment processing under the contract.

– RevenueCat

For in-app payments, payment is processed via RevenueCat Inc., 300 Euclid Avenue, San Francisco, CA 94118, USA. We transfer the information you provide during the ordering process, along with information about your order, to RevenueCat.

The transfer of your data occurs exclusively for the purpose of payment processing pursuant to Art. 6(1)(b) GDPR and only to the extent necessary for this purpose.

We have concluded a data processing agreement with RevenueCat Inc., obligating the provider to protect the data of app users and not to disclose it to third parties.

Further information on RevenueCat’s data protection can be found here:
https://www.revenuecat.com/privacy

– Secupay

One or more online payment methods from the following provider are available on this website:
secupay AG, Goethestraße 6, 01896 Pulsnitz, Germany.

If you select a payment method from this provider that requires you to make an advance payment (e.g., credit card payment), your payment data provided during the ordering process (including name, address, bank and card information, currency, and transaction number), as well as information about the contents of your order, will be transferred to the provider in accordance with Art. 6(1)(b) GDPR. The transfer of your data occurs exclusively for the purpose of payment processing with the provider and only to the extent necessary.

If you select a payment method for which the provider makes the advance payment (e.g., invoice, installment purchase, or direct debit), you will be asked during the ordering process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, and if applicable, data on an alternative payment method).

To protect our legitimate interest in verifying the creditworthiness of our customers, these data will be forwarded by us to the provider for the purpose of a credit check in accordance with Art. 6(1)(f) GDPR. The provider checks, based on the personal data you provide and additional data (such as shopping cart, invoice amount, order history, payment experiences), whether the payment method you selected can be granted regarding risks of payment default and/or non-fulfillment of claims.

For the decision within the application review, besides internal provider criteria in accordance with Art. 6(1)(f) GDPR, identity and credit information from the following credit agencies may be included:

infoscore Consumer Data GmbH (arvato), Rheinstraße 99, D-76532 Baden-Baden, Tel.: +49 (0)7221-5040-1000, Fax: -1001
Creditreform Boniversum GmbH, Hammfelddamm 13, 41460 Neuss, Tel.: +49 (0)2131-109-501, Fax: -557
EOS Payment Solutions GmbH, Steindamm 80, 200 Hamburg

The credit report may include probability values (so-called score values). If score values are part of the credit report results, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of score values includes, among others but not exclusively, address data.

You may object to the processing of your data at any time by sending a message to us or directly to the provider. However, the provider may remain entitled to process your personal data insofar as this is necessary for proper payment processing under the contract.

– SOFORT

One or more online payment methods from the following provider are available on this website:
SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany.

– Stripe

If you choose a payment method from the payment service provider Stripe, payment processing is carried out via Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we transfer the information you provide during the ordering process together with information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency, and transaction number) in accordance with Art. 6(1)(b) GDPR.

The transfer of your data occurs exclusively for the purpose of payment processing with Stripe Payments Europe Ltd. and only to the extent necessary.

Further information on Stripe’s data protection can be found at:
https://stripe.com/de/privacy#translation

11) Registration in the App

You can register in our app by providing personal data. Which personal data is processed for registration is determined by the input fields used in the registration form. We use a so-called double opt-in procedure for registration, meaning your registration is only complete once you have confirmed your registration by clicking on the link contained in a confirmation email sent to you for this purpose. If you do not confirm within 24 hours, your registration will be automatically deleted from our database. The provision of the aforementioned data is mandatory. All other information can be provided voluntarily by using our portal.

When you use our app, we store the data necessary to fulfill the contract, including any information about your payment method, until you permanently delete your account. Furthermore, we store any data you voluntarily provide for the duration of your use of the portal, unless you delete it earlier. All data can be managed and changed by you within the secure customer area. The legal basis for this processing is Art. 6(1)(f) GDPR.

In addition, we store all content you publish to operate the app. We have a legitimate interest in providing the app with complete user-generated content. The legal basis for this is Art. 6(1)(f) GDPR.

If you delete your account, your statements published in particular in the forum will remain visible to all readers; however, your account will no longer be accessible. All other data will be deleted in this case.

12) Comment Function

When using the comment function in our app, in addition to your comment, information about the time the comment was created and the Username you have chosen are stored and published within this app. Furthermore, your IP address is logged and stored. This storage of the IP address is carried out for security reasons and in case the person concerned violates the rights of third parties or posts illegal content through a comment.

We require your email address in order to contact you if a third party objects to your published content as being unlawful. The legal bases for the storage of your data are Art. 6(1)(b) and Art. 6(1)(f) GDPR. We reserve the right to delete comments if they are reported as unlawful by third parties.

You, as a user, can subscribe to follow-up comments. For this purpose, you will receive a confirmation email to ensure that you are the owner of the specified email address (double opt-in procedure). The legal basis for data processing in the case of subscribing to comments is Art. 6(1)(a) GDPR.

13) Use of Your Data for Direct Advertising

13.1 Subscription to Our Email Newsletter

If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information required for sending the newsletter is your email address. The provision of additional data is voluntary and is used to address you personally.

We use the so-called double opt-in procedure for sending the newsletter. This means we will only send you an email newsletter once you have explicitly confirmed that you wish to receive it. We will then send you a confirmation email asking you to confirm your subscription by clicking a link provided for this purpose.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6(1)(a) GDPR. When registering for the newsletter, we store your IP address as entered by your internet service provider (ISP), as well as the date and time of registration, in order to trace any potential misuse of your email address at a later time.

The data we collect when you subscribe to the newsletter is used exclusively for promotional purposes via the newsletter. You can unsubscribe from the newsletter at any time using the link provided in the newsletter or by notifying the controller mentioned at the beginning of this document.

Once you unsubscribe, your email address will be immediately removed from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use your data in a manner that is legally permitted and about which we inform you in this statement.

13.2 Newsletter Dispatch to Existing Customers

If you have provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers by email for products or services similar to those already purchased from our range. In this case, we do not need to obtain separate consent from you in accordance with § 7(3) UWG (German Act Against Unfair Competition).

The processing of this data is based solely on our legitimate interest in personalized direct advertising under Art. 6(1)(f) GDPR. If you initially objected to the use of your email address for this purpose, no email will be sent.

You are entitled to object to the use of your email address for the aforementioned advertising purposes at any time with effect for the future by notifying the controller named at the beginning of this privacy policy. The only costs you will incur are the transmission costs according to the basic rates. Upon receipt of your objection, the use of your email address for advertising purposes will be immediately discontinued.

14) Delivery of Push Notifications

You have the option to subscribe to receive our push notifications. Through these notifications, you will regularly receive information about our offered services.

To subscribe, you must confirm the receipt of notifications or enable them in your device’s operating system settings. This process is recorded and stored. The data stored includes the timestamp of your subscription as well as your device identifier. The collection of this data is necessary to enable the display of push notifications and to allow us to trace the process in the event of misuse. This is essential for our legal protection. The processing of this data is carried out on the basis of Article 6(1)(a) of the General Data Protection Regulation (GDPR).

You may revoke your consent to the storage and use of your personal data for the receipt of our push notifications and the aforementioned statistical collection at any time with effect for the future. To withdraw your consent, you can deactivate the corresponding push notification settings in the app settings or in your device’s operating system.

Your data will be deleted as soon as it is no longer necessary to fulfill the purpose for which it was collected. Accordingly, your data will be retained for as long as your subscription to our push notifications remains active.

15) Use of Social Media

Our website and app contain links to the social networks Facebook, Instagram, TikTok, and YouTube. These are static links in the form of graphics or text references, which only establish a connection to the respective social network when actively clicked by the user.

As long as you do not click on any of these links, no personal data will be transmitted to the mentioned social networks via our website or app. Only once you click on a corresponding link will you be redirected to the respective provider. In such cases, data processing takes place outside of our sphere of responsibility.

Please note that from the moment you are redirected, the processing of your personal data is governed solely by the data protection policies of the respective social network. We have no influence over data processing conducted on those platforms. The responsibility for data protection-compliant handling lies with the respective social network operator.

16) Online Marketing

16.1 “Advertising Identifier”

For advertising purposes, we use the so-called “Advertising Identifier” (IDFA). This is a unique, but non-personalized and non-permanent identification number for a specific device provided by iOS. The data collected via the IDFA is not linked with other device-related information. We use the IDFA to provide you with personalized advertising and to evaluate its usage.

If you activate the “Limit Ad Tracking” option in your iOS settings under “Privacy” – “Advertising”, we are only able to perform the following measures: measure your interaction with banners by counting the number of banner displays without a click (“frequency capping”), click-through rates, determination of unique users (“unique user”), as well as security measures, fraud prevention, and error detection.

You may reset the IDFA at any time in your device settings (“Reset Advertising ID”), which will generate a new IDFA that is not merged with previously collected data. Please note that restricting the use of the IDFA may limit some functionalities of our app.

16.2 Google AdMob

This app uses Google AdMob, a web advertising service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google AdMob uses so-called cookies, i.e., text files that are stored on your device and allow analysis of your use of the app. In addition, Google AdMob also uses so-called “web beacons” (small invisible graphics) to collect information. These web beacons enable the recording, collection, and evaluation of simple interactions within the app, such as clicks on buttons.

The information generated by cookies and/or web beacons (including your IP address) about your use of this app is usually transferred to a Google server and stored there. This may also involve transmission to the servers of Google LLC. in the USA.

Google uses this information to evaluate your usage behavior regarding AdMob ads. The IP address transmitted by your browser in the context of Google AdMob will not be merged with other data from Google. The information collected by Google may be passed on to third parties if required by law or if third parties process this data on Google’s behalf.

All processing activities described above, in particular accessing information on your device via cookies and/or web beacons, are only carried out if you have given your explicit consent pursuant to Art. 6 (1)(a) GDPR. Without your consent, Google AdMob will not be used during your visit to the app.

You may revoke your consent at any time with effect for the future by deactivating this service via the “cookie consent tool” provided within the app.

16.3 Google Ads Conversion Tracking

This app uses the online advertising program “Google Ads” and, within the scope of Google Ads, the conversion tracking feature by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

We use Google Ads to draw attention to our attractive offers via advertising materials (so-called Google Ads) on external websites. In relation to the data from advertising campaigns, we can determine how successful the individual advertising measures are. Our goal is to show you ads that are of interest to you, make our app more interesting to you, and ensure a fair calculation of advertising costs.

The conversion tracking cookie is set when a user clicks on an ad placed by Google. Cookies are small text files stored on your device. These cookies generally expire after 30 days and are not used for personal identification. If the user visits specific pages of this app and the cookie has not expired, Google and we can recognize that the user clicked the ad and was redirected to this page.

Each Google Ads customer receives a different cookie. Cookies cannot therefore be tracked across the websites of different Ads customers. The information obtained using the conversion cookie is used to generate conversion statistics for Ads customers who have opted for conversion tracking. Customers are informed of the total number of users who clicked their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that could personally identify users.

In the context of using Google Ads, personal data may also be transferred to the servers of Google LLC. in the USA.

Details about the data processing triggered by Google Ads Conversion Tracking and how Google handles data from websites can be found here:
https://policies.google.com/technologies/partner-sites

All the processing described above, in particular the setting of cookies to access information on the device used, is only carried out if you have given your explicit consent pursuant to Art. 6 (1)(a) GDPR. You can revoke your consent at any time with future effect by deactivating this service via the “cookie consent tool” provided on the website.

You can also permanently object to the setting of cookies by Google Ads Conversion Tracking by downloading and installing the browser plug-in available at the following link:
https://www.google.com/settings/ads/plugin?hl=de

To deliver more interest-based advertising to users whose data we have received as part of business or business-like relationships, we use the “Customer Match” function within Google Ads. For this purpose, we electronically transmit one or more files containing aggregated customer data (mainly email addresses and phone numbers) to Google. Google does not gain access to the plain data; instead, it automatically encrypts the information during the transmission process using a special algorithm. Google may then use the encrypted information only to match it to existing Google accounts set up by the individuals concerned. This enables the delivery of personalized ads across all Google services linked to the respective Google account.

The transmission of customer data to Google is carried out exclusively with your explicit consent pursuant to Art. 6 (1)(a) GDPR. You can withdraw your consent at any time with future effect. Further information about Google’s data protection measures regarding Customer Match can be found here:
https://support.google.com/google-ads/answer/6334160?hl=de&ref_topic=10550182

For data transfers to the USA, the provider is certified under the EU-U.S. Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission.

17) Web Analytics Services

Google (Universal) Analytics

This app uses Google (Universal) Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), which enables analysis of your use of our app.

By default, when visiting the app, Google (Universal) Analytics sets cookies — small text files stored on your device — to collect certain information. This includes your IP address, which, however, is truncated by Google before storage to prevent direct personal identification.

The collected information is transmitted to Google servers for further processing. This may also involve transfers to Google LLC, based in the USA.

Google uses the information collected on our behalf to evaluate your use of the app, to compile reports on app activity for us, and to provide other services related to the use of the app and the internet. The IP address transmitted by your browser within the scope of Google Analytics is not combined with other Google data. The data collected through the use of Google (Universal) Analytics is stored for a period of two months and then deleted.

All processing activities described above — in particular, the placement of cookies on your device — are carried out only if you have given us your explicit consent pursuant to Art. 6(1)(a) GDPR.
Without your consent, Google (Universal) Analytics will not be used during your visit to the app.

You may withdraw your consent at any time with effect for the future. To exercise your right of withdrawal, please deactivate this service using the “cookie consent tool” provided within the app.

We have entered into a data processing agreement with Google, which ensures the protection of our app users’ data and prohibits unauthorized disclosure to third parties.

Further legal information on Google (Universal) Analytics can be found at:

https://business.safety.google/intl/en/privacy/
https://policies.google.com/privacy?hl=en
https://policies.google.com/technologies/partner-sites

Demographic Features

Google (Universal) Analytics uses the special “demographic features” function, which allows the creation of statistics regarding the age, gender, and interests of users. This is achieved through the analysis of ads and information from third-party providers. This data can be used to identify target groups for marketing purposes. However, the collected data cannot be assigned to a specific person and is deleted after a storage period of two months.

Google Signals

As an extension of Google (Universal) Analytics, this app may use Google Signals to generate cross-device reports. If you have activated personalized advertising and linked your devices to your Google account, Google — subject to your consent for the use of Google Analytics pursuant to Art. 6(1)(a) GDPR — can analyze your usage behavior across devices and create database models, including those related to cross-device conversions. We do not receive any personal data from Google, only anonymized statistics.

If you want to stop cross-device analysis, you can disable the “Personalized Ads” feature in your Google account settings. Follow the instructions here:
https://support.google.com/ads/answer/2662922?hl=en
More information about Google Signals is available here:
https://support.google.com/analytics/answer/7532985?hl=en

User IDs

As another extension of Google (Universal) Analytics, this app may use the “User IDs” feature. If you have consented to the use of Google (Universal) Analytics pursuant to Art. 6(1)(a) GDPR, have created an account within the app, and log in with this account on various devices, your activities — including conversions — can be analyzed across those devices.

18) Retargeting / Remarketing / Referral Advertising

Google Ads Remarketing

This app uses retargeting technology from the following provider:
Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

For this purpose, Google places a cookie in the browser of your device, which, using a pseudonymous cookie ID and based on the pages you have visited, automatically enables interest-based advertising. Any further data processing will only take place if you have given your consent to Google for your web and app browsing history to be linked to your Google account and for information from your Google account to be used for the personalization of ads you see online.

If you are logged into Google while visiting our app and have given this consent, Google uses your data in conjunction with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, your personal data will be temporarily linked by Google with Google Analytics data in order to form target audiences.

In connection with the use of Google Ads Remarketing, it is also possible that personal data will be transmitted to servers of Google LLC in the USA.

All processing activities described above — particularly the setting of cookies for reading information from the device used — will only take place if you have given us your explicit consent pursuant to Art. 6(1)(a) GDPR.
Without your consent, the use of retargeting technology will not occur during your visit.

You may revoke your consent at any time with effect for the future. To exercise your right of revocation, please disable this service via the “cookie consent tool” provided in the app.

Meta Pixel

Within our online offering, we use the “Meta Pixel” service from the following provider:
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Meta”).

When a user clicks on an advertisement we have placed on Facebook and/or Instagram, the URL of our linked page is extended by a parameter using “Meta Pixel.” After redirection, this URL parameter is stored in the user’s browser via a cookie set by our linked site.

This allows Meta to identify visitors to our online offering as a target audience for displaying advertisements (so-called “ads”). Accordingly, we use this service to show our Facebook and/or Instagram ads only to users who have shown an interest in our online offering or who exhibit certain characteristics (e.g., interests in specific topics or products based on websites visited), which we transmit to Meta (so-called “Custom Audiences”).

Additionally, with the help of “Meta Pixel,” it is possible to track whether users are redirected to our website after clicking on an ad and what actions they take there (so-called “conversion tracking”).

The data collected is anonymous to us and does not allow us to identify individual users. However, the data is stored and processed by Meta, making a connection to the respective user profile possible, and Meta may use this data for its own advertising purposes.

All processing activities described above — in particular, the setting of cookies for reading information from the device used — only take place if you have given us your explicit consent pursuant to Art. 6(1)(a) GDPR.
You can revoke your consent at any time with effect for the future by deactivating this service via the “cookie consent tool” provided on the website.

We have concluded a data processing agreement with the provider, which ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.

The information generated by Meta is generally transmitted to and stored on a server operated by Facebook. In this context, it may also be transmitted to servers of Meta Platforms Inc. in the USA.

19) Tools and Miscellaneous

19.1 – Firebase Crashlytics

We use “Firebase Crashlytics”, a service provided by Google Ireland Ltd., Google Building Gordon House, Barrow Street, Dublin 4, Ireland, to generate anonymized crash reports aimed at improving the stability and reliability of our app.

Only based on your explicit consent pursuant to Art. 6(1)(a) GDPR, anonymous information is transmitted to Google’s servers in the event of a crash (such as the state of the app at the time of the crash, installation UUID, crash trace, device manufacturer and operating system, last log messages). Transfers to Google LLC in the USA may also occur. This information does not contain any personal data.

If you are using an iOS-based device, you can grant consent in the app settings or after a crash occurs.
If you are using an Android-based device, you have the option during setup to generally allow crash report transmission to Google and app developers.

You can withdraw your consent at any time by:

Disabling the “Crash Reports” function in the app settings on iOS.
Adjusting your system settings on Android. To do this, open the device settings, go to “Google,” then access the three-dot menu in the top right corner and select “Usage & Diagnostics.” You can disable the sending of relevant data there.

Further information on data protection can be found in Firebase Crashlytics’ privacy notice at:
🔗 https://firebase.google.com/support/privacy

19.2 – Google Maps

This app uses an online mapping service provided by:
Google Maps (API) by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

Google Maps is a web service for displaying interactive (land) maps to visually present geographical information. The use of this service enables our location to be displayed to you and may facilitate navigation.

As soon as you access app features in which Google Maps is integrated, information about your use of the app (e.g., your IP address) is transmitted to and stored on Google servers. This may also include transfers to Google LLC servers in the USA. This occurs regardless of whether you are logged into a Google user account or whether such an account exists. If you are logged into Google, your data is directly associated with your account. If you do not wish this association to your Google profile, you must log out before activating the map.

Google stores your data (even for users not logged in) as usage profiles and evaluates them. The collection, storage, and analysis are carried out based on Art. 6(1)(f) GDPR, grounded in Google’s legitimate interest in displaying personalized advertising, market research, and/or the tailored design of Google websites.

You have the right to object to the creation of these user profiles, and you must contact Google directly to exercise this right.

If you do not consent to the future transmission of your data to Google in connection with the use of Google Maps, you can fully disable the web service by turning off JavaScript in your browser settings. In this case, Google Maps and the map display in the app will no longer be functional.

Where legally required, we will request your consent in accordance with Art. 6(1)(a) GDPR before processing your data as described above. You may revoke your consent at any time with future effect using the methods described above.

19.3 – Google Web Fonts

To ensure consistent font display, this app uses web fonts provided by the following provider:
Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

When using this app, the necessary web fonts are loaded to correctly display text and fonts. This involves establishing a direct connection to the provider’s servers, during which certain browser information — including your IP address — is transmitted to the provider.

Data may also be transmitted to: Google LLC, USA

The processing of personal data in the context of connecting to the font provider’s servers is carried out only if you have granted us your explicit consent pursuant to Art. 6(1)(a) GDPR. You can revoke your consent at any time with future effect by disabling this service through the “cookie consent tool” provided within the app.

If your browser does not support web fonts, a standard font from your device will be used.

Further information on Google’s data protection policies is available at:

https://business.safety.google/intl/en/privacy/
https://policies.google.com/privacy

20) Rights of the Data Subject

20.1 Your Rights

Applicable data protection laws grant you, as a data subject, comprehensive rights with respect to the processing of your personal data by the controller. These rights (rights of access and intervention) are detailed below:

Right of Access (Art. 15 GDPR):
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to such data and the following information: the purposes of processing, the categories of personal data concerned, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage duration or the criteria used to determine this duration, the existence of the right to rectification, erasure, restriction of processing, objection to processing, the right to lodge a complaint with a supervisory authority, the source of your data if not collected directly from you, the existence of automated decision-making including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing. You also have the right to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in the event of a transfer of your data to a third country.
Right to Rectification (Art. 16 GDPR):
You have the right to obtain the immediate rectification of inaccurate personal data concerning you and/or to have incomplete data completed.
Right to Erasure (Art. 17 GDPR):
You have the right to request the erasure of your personal data under the conditions laid out in Art. 17(1) GDPR. This right does not apply, in particular, when the processing is necessary for the exercise of the right to freedom of expression and information, compliance with a legal obligation, reasons of public interest, or the establishment, exercise or defense of legal claims.
Right to Restriction of Processing (Art. 18 GDPR):
You have the right to request restriction of processing of your personal data while the accuracy of your data is being verified, if you oppose deletion due to unlawful processing and instead request restriction, if you need the data for the establishment, exercise or defense of legal claims after we no longer need it for the original purpose, or if you have objected to processing pending the verification of whether our legitimate grounds override yours.
Right to Notification (Art. 19 GDPR):
If you have asserted your right to rectification, erasure or restriction of processing with the controller, the controller is obligated to inform all recipients to whom your personal data was disclosed about the correction, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.
Right to Data Portability (Art. 20 GDPR):
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit this data to another controller where technically feasible.
Right to Withdraw Consent:
You have the right to withdraw your previously granted consent to the processing of your personal data at any time with effect for the future. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Upon withdrawal, we will immediately delete the affected data, provided there is no other legal basis for further processing.

Please note: Certain features of our app may no longer be available without the relevant consent. To facilitate the withdrawal of consent, our app provides a feature allowing you to independently delete your user account and all associated personal data. Use of this feature replaces the need for a separate written withdrawal notice and also serves as complete data deletion in accordance with Art. 17 GDPR.

Right to Lodge a Complaint (Art. 77 GDPR):
If you believe that the processing of your personal data violates the GDPR, you have the right — without prejudice to any other administrative or judicial remedy — to lodge a complaint with a supervisory authority, in particular in the EU Member State of your residence, workplace, or the place of the alleged infringement.

20.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTERESTS IN THE CONTEXT OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE RELEVANT DATA.
HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES TO ESTABLISH, EXERCISE, OR DEFEND LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING.
IF YOU OBJECT, WE WILL IMMEDIATELY STOP PROCESSING THE RELEVANT DATA FOR DIRECT MARKETING PURPOSES.

21) Duration of Storage of Personal Data

The duration of the storage of personal data depends on the applicable legal basis, the purpose of processing, and — where relevant — any statutory retention periods (e.g., commercial or tax law retention requirements).

If personal data is processed on the basis of an explicit consent pursuant to Art. 6(1)(a) GDPR, such data will be stored until you revoke your consent.
Where statutory retention periods apply to data processed under Art. 6(1)(b) GDPR in connection with contractual or quasi-contractual obligations, the data will be routinely deleted once these retention periods have expired — provided the data is no longer required for contract performance or initiation, and/or there is no continuing legitimate interest on our part in retaining the data.
In cases where data is processed pursuant to Art. 6(1)(f) GDPR, the data will be stored until you exercise your right to object pursuant to Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defense of legal claims.
If personal data is processed for direct marketing purposes on the basis of Art. 6(1)(f) GDPR, the data will be stored until you exercise your right to object pursuant to Art. 21(2) GDPR.

Unless otherwise stated in the specific processing situations outlined in this privacy notice, personal data will otherwise be deleted once it is no longer necessary for the purposes for which it was collected or otherwise processed.