Privacy Policy 

Last Updated: April, 2026

The protection of your personal data is of great importance to us. This Privacy Policy transparently informs you about the data we collect, how we process it, and what rights you have.

Use of our App requires your consent to this Privacy Policy and to our Terms and Conditions. Without such consent, the App’s core functions cannot be provided and use of the App is not permitted. By using the App, you acknowledge and accept both this Privacy Policy and our Terms and Conditions.

1) Controller and Contact Information

1.1 This Privacy Policy explains which personal data we collect when you use the Vibest application (hereinafter “App”) and how we handle such data. Personal data means any information that can be used to identify you personally.

2) Single Sign-On Services

2.1 Sign-In via Google

Our App provides a single sign-on function offered by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Personal data may also be transferred to Google LLC in the USA.

If you have a Google account, you may use it to register or sign in to our App. When you access the sign-in function, a direct connection to Google’s servers may be established — even if you do not have an account or are not logged in. Google thereby receives the information that our App has been accessed. The information collected (including your IP address) is transmitted directly to a Google server. This data is not used to personally identify you and is not shared with third parties without authorisation.

The legal basis is Art. 6(1)(f) GDPR (legitimate interest in a user-friendly App design).

If you click the sign-in button, Google — solely on the basis of your express consent pursuant to Art. 6(1)(a) GDPR — transmits your publicly accessible account information to us (e.g. user ID, name, address, email address, age, gender).

We use this data exclusively to set up your user account, insofar as you have authorised the release to Google. Conversely, data may also be transferred from us to your Google account on the basis of your consent.

You may revoke your consent at any time with effect for the future.

For data transfers to the USA, Google has joined the EU-US Data Privacy Framework, insofar as the respective service is covered.
Further information: https://business.safety.google/intl/de/privacy/

2.2 Sign-In via Facebook

Our App also provides a single sign-on function offered by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Data may also be transferred to Meta Platforms Inc. in the USA.

If you have a Facebook account, you may use it to register or sign in to our App.

When you use the sign-in function, a direct connection to Meta’s servers may be established, even if you are not logged in to Facebook or do not have an account. Meta thereby receives the information that our App has been used. The information transmitted (potentially including your IP address) is stored on a Meta server but is not used to personally identify you.

The legal basis is Art. 6(1)(f) GDPR (legitimate interest in a user-friendly App design).

When you actively sign in via Facebook, your publicly accessible account information is transmitted to us — only with your express consent pursuant to Art. 6(1)(a) GDPR.

We use this data to set up your user account. On the basis of your consent, data may also be transferred from us to your Facebook account.

You may revoke your consent at any time with effect for the future.

For data transfers to the USA, Meta has joined the EU-US Data Privacy Framework, insofar as the respective service is covered.
Further information: https://www.facebook.com/privacy/policy/

2.3 Sign-In via Apple (Sign in with Apple)

Our App provides a single sign-on function via “Sign in with Apple” offered by Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA. In the EU, Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, is responsible.

If you have an Apple ID, you may use it to register or sign in to our App.

When you access the sign-in function, a connection to Apple’s servers is established. Apple authenticates you and transmits — solely on the basis of your express consent pursuant to Art. 6(1)(a) GDPR — your shared account information to us (e.g. name and email address). Apple offers you the option to hide your actual email address and use an Apple-generated relay address instead.

We use this data exclusively to set up and manage your user account.

The legal basis is Art. 6(1)(a) GDPR (consent) and Art. 6(1)(f) GDPR (legitimate interest in a user-friendly App design) for establishing the technical connection.

You may revoke your consent at any time with effect for the future.

For data transfers to the USA, Apple relies on Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR and, where applicable, supplementary protective measures.
Further information: https://www.apple.com/legal/privacy/

3) Technical Log Data (Log Files)

When you download our App from an app store, certain information is transmitted to the app store operator (including user name, email address, customer number, download time, payment information, device identifier). This data collection is outside our responsibility; we only process the data insofar as it is necessary for downloading the App to your device.

During use of our App, we automatically collect the following technical data necessary for stable and secure operation:

• Date and time of the request
• Time zone difference to GMT
• Request content
• HTTP status code
• Amount of data transferred (in bytes)
• Referrer source
• Browser or WebView used
• Language and software version
• Operating system and interface
• IP address (anonymised where applicable)

This processing is based on Art. 6(1)(f) GDPR — our legitimate interest in the stability and functionality of the App. The data is neither shared nor used for other purposes. We reserve the right to retrospectively review log files if there are concrete indications of unlawful use.

Where technically necessary, device identifiers, subscriber identifiers, mobile phone numbers, MAC addresses or device names may also be processed.

Retention period: Log files are automatically deleted after a maximum of 30 days, unless longer retention is required to investigate a specific security incident.

4) Hosting via Firebase

Firebase Services
For hosting and delivering App content, we use various Firebase services provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. In particular, we use Firebase Authentication (registration and login), Cloud Firestore (database), Cloud Storage (file hosting) and further Firebase platform services as needed for App operation (e.g. message delivery, configuration). Processing is carried out on our behalf (commissioned processing).

All data collected in the App may be processed on Google’s servers. As part of commissioned processing, data may also be transferred to servers of Google LLC in the USA. A data processing agreement with Google is in place to protect your data and prohibit unauthorised disclosure.

For US transfers, Google has joined the EU-US Data Privacy Framework, insofar as the respective service is covered.
Further information: https://firebase.google.com/support/privacy

Processing on servers of other providers only takes place to the extent expressly described below.

5) Cookies, SDKs and Similar Technologies

To provide and improve our App, we use cookies and similar technologies (e.g. local storage, software development kits, device identifiers). These are text files, technical identifiers or software components that are stored on or read from your device.

Some of these technologies are removed when you close the App (session cookies or short-lived identifiers). Others remain on your device permanently and allow us to recognise you upon subsequent use (persistent cookies or permanent identifiers). These may collect information such as location data, device information and IP addresses to varying extents. Persistent technologies are automatically deleted after a defined period.

Some of these technologies serve to store your settings. Where personal data is processed, processing is based on Art. 6(1)(b) GDPR (performance of a contract), Art. 6(1)(a) GDPR (consent) or Art. 6(1)(f) GDPR (legitimate interest in optimal functionality and user-friendly App design).

Insofar as we store or read information on your device, we comply with the requirements of Section 25(1) TDDDG (Telecommunications Digital Services Data Protection Act) and obtain your consent unless an exception under Section 25(2) TDDDG applies.

You may adjust or reject the use of cookies and similar technologies via your operating system settings and — where available — via our consent management system. In this case, not all App functions may be available.

6) Access to Contacts and Photos

When you first use our App, we may request access to the following data via a pop-up:

• Photos / Media Library: For selecting and uploading profile pictures and exchanging media content.
• Camera: For taking photos directly within the App, e.g. for your profile picture or verification purposes.
• Contacts: For optional recognition of acquaintances or inviting people to the App.

Without your consent, we will not access this data. Certain App functions may not be available without the respective permission. You may grant or revoke permissions at any time via your operating system settings.

When permission is granted, the App accesses your data only to the extent necessary for the respective function and transfers it to our servers. We treat your data confidentially and delete it when you revoke the permission, the data is no longer needed for service provision, and no statutory retention obligations apply.

The legal basis is Art. 6(1)(a) GDPR (consent) or Art. 6(1)(b) GDPR (performance of a contract), depending on the specific function.

7) Location-Based Services

Our App includes location-based functions (Location Based Services) that display content tailored to your location — for example, users near you. Your location is only transmitted to us when you actively use such a function. Location is determined via GPS and, where applicable, via your (anonymised or truncated) IP address.

Legal basis is your express consent pursuant to Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG. Consent is obtained via the operating system pop-up and can be revoked at any time in your device settings.

If we create pseudonymised usage profiles for needs-based design, these are not combined with other personal data. You may object to this at any time via the App settings or by email to the address stated above.

8) Contact Requests

When you contact us (e.g. via a contact form, support function or email), we collect the personal data provided. The scope of data collected is determined by the respective input form.

We use this data exclusively to process your enquiry and for the associated technical administration.

The legal basis is Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries). Where your contact is aimed at concluding or performing a contract, the additional legal basis is Art. 6(1)(b) GDPR.

After your enquiry has been conclusively resolved, your data will be deleted, provided no statutory retention obligations apply.

9) User Account, Special Categories of Data and Further Processing

We process personal data on the basis of Art. 6(1)(b) GDPR when you provide it to us in the course of using the App for pre-contractual measures or contract performance — in particular for creating and managing your user profile. The specific data collected is determined by the input fields within the App.

Use of the App generally requires a personal user account. The information provided therein (e.g. name, age, gender, location, interests, profile pictures, communication history and other profile data) serves to provide App functions, in particular match suggestions, matching algorithms, communication and account-related settings.

9.1 Special Categories of Personal Data (Art. 9 GDPR)

As a dating platform, our App allows voluntary disclosures that may reveal special categories of personal data within the meaning of Art. 9(1) GDPR — in particular regarding sexual orientation or gender preferences.

We process such information exclusively on the basis of your express consent pursuant to Art. 9(2)(a) GDPR, which is obtained during profile creation or editing. You may revoke this consent at any time by removing the relevant information from your profile or deleting your account.

This data is used exclusively for matching and generating match suggestions. Disclosure to third parties only occurs to the extent expressly described in this Privacy Policy.

You may delete your user account at any time via the function provided in the App.

After termination of the user relationship or account deletion, your data will generally be deleted. Statutory retention obligations (in particular under Section 147 of the German Fiscal Code (AO) and Section 257 of the German Commercial Code (HGB)) remain unaffected; affected data will be blocked until the expiry of the relevant period and subsequently deleted automatically.

Where you have granted us additional consent for data use (e.g. for newsletters), processing is based on Art. 6(1)(a) GDPR. This consent may be revoked at any time.

9.2 AI-Powered Features / Google Gemini

Our App offers AI-based features including chat assistance, reply suggestions, content personalisation, and optimisation of matching and recommendation results.

The technical foundation is Google Gemini, which we individually customise and integrate into our App through our own configurations, prompts, rules and product logic.

When you actively use an AI feature, your inputs and relevant contextual data may be processed — including text inputs, chat content, profile information, interests, preferences, interaction data and usage-related metadata, insofar as necessary for the respective function.

The purpose of processing is the provision of AI features, generation of AI outputs, personalisation of suggestions, improvement of usability, abuse prevention, and ensuring security and stability.

Legal bases:

• Art. 6(1)(b) GDPR — insofar as processing is necessary to provide an actively requested function
• Art. 6(1)(a) GDPR — for optional additional personalisation
• Art. 6(1)(f) GDPR — for technical logging, error detection and security measures

The data recipient is in particular Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, and where applicable Google LLC, USA.

Integration is via Firebase (Google Cloud). For Firebase and the Google Gemini API provided through it, a data processing agreement exists in the form of the Google Cloud Data Processing Addendum (CDPA). Therein, Google undertakes to process customer data exclusively in accordance with our instructions and, in particular, not to use it for training its own AI models unless separate consent has been given.

For data transfers outside the EU/EEA, statutory requirements apply. Google relies on the EU-US Data Privacy Framework for US transfers where applicable.

The AI features serve to support communication, personalisation and suggestions. No solely automated decision-making with legal or similarly significant effect within the meaning of Art. 22 GDPR takes place, unless otherwise stated in this Privacy Policy.

Note: AI-generated content may be inaccurate or incomplete and should be reviewed independently.

Processed data is retained only for as long as required by the stated purposes or statutory obligations. The general provisions of this Privacy Policy apply otherwise.

9.3 In-App Messaging and Chat

Via the integrated chat function, you can communicate with other users. Your messages and associated metadata (e.g. time of sending, sender, recipient) are processed and stored on our servers insofar as necessary for providing the communication function.

When you use the AI-powered reply suggestions (via Google Gemini), generated suggestions are only sent to the recipient after your active confirmation or individual modification. Full content control over every message remains with you.

The legal basis is Art. 6(1)(b) GDPR (performance of a contract). For purposes of abuse prevention and enforcement of our terms of use, processing is based on Art. 6(1)(f) GDPR.

9.4 Minimum Age

Use of our App requires a minimum age of 18 years. Your date of birth is requested during registration; account creation is only possible upon reaching the minimum age.

The legal basis for processing the date of birth is Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(c) GDPR (compliance with legal obligations, in particular youth protection).

9.4.1 Children’s privacy and child safety

Vibest is not directed to children and is intended only for users who have reached the minimum age required to use such services under the laws of their country. In particular, children who are not permitted to use Vibest under applicable law must not create an account or use our services. We do not knowingly collect personal data from children who are not allowed to use the service. If we become aware that we have collected personal data from an ineligible child, we will take reasonable steps to delete the account and associated data. For more details on how we protect minors on Vibest, please see our Child Safety Standards Policy.

9.5 Reporting and Blocking Functions

You may report or block other users. When you submit a report, we process the information you provide (e.g. reason for reporting, any screenshots or message histories) as well as profile data of the reported user, in order to review the matter and take appropriate protective measures.

When you block a user, we store this information so that the blocked user can neither contact you nor view your profile.

The legal basis is Art. 6(1)(f) GDPR (legitimate interest in platform safety) and Art. 6(1)(c) GDPR (compliance with legal obligations, including under the Digital Services Act).

10) Payment Processing

Apple Pay

If you choose “Apple Pay” (Apple Distribution International, Hollyhill Industrial Estate, Hollyhill, Cork, Ireland) as your payment method, payment is processed via the Apple Pay function on your iOS, watchOS or macOS device.

Apple Pay protects your transactions through device-integrated security features. A code you have set and verification via Face ID or Touch ID are required to authorise a payment.

Your order information is transmitted to Apple in encrypted form. Apple re-encrypts this data with a developer-specific key before forwarding it to the payment service provider of the stored card.

The legal basis is Art. 6(1)(b) GDPR (payment processing).
Further information: https://support.apple.com/de-de/HT203027

Google Pay

If you choose “Google Pay” (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) as your payment method, payment is processed via the Google Pay app on your device.

Your order information is transmitted to Google. Google then transmits a one-time transaction number to us for payment verification.

The legal basis is Art. 6(1)(b) GDPR (payment processing).
Further information: Google Pay Privacy Notice

RevenueCat

For in-app purchases, technical processing is partly carried out via RevenueCat Inc., 300 Euclid Avenue, San Francisco, CA 94118, USA. We transmit your order and payment information to RevenueCat insofar as necessary for processing.

The legal basis is Art. 6(1)(b) GDPR. We have concluded a data processing agreement with RevenueCat to protect your data and prohibit unauthorised disclosure.
Further information: https://www.revenuecat.com/privacy

11) Registration

Use of our App requires registration with personal data. The specific data collected is determined by the respective input form.

Registration is secured via a one-time password (OTP) procedure. Your registration is only complete once you have successfully entered the verification code sent to you by email or SMS in the App. The code is valid for a limited time; after expiry, you must request a new one.

Certain information is mandatory for registration; all further information may be provided voluntarily during use of the App.

Your contract-related data (including any payment information) is stored until final deletion of your account. Voluntary information is retained for as long as you do not remove it. All information can be managed in the protected account area.

Content published by you is stored insofar as necessary for App operation (Art. 6(1)(f) GDPR).

Upon account deletion, your data will generally be deleted, provided no statutory retention obligations or overriding legitimate interests apply.

12) Direct Marketing

12.1 Email Newsletter

When you subscribe to our newsletter, we send you regular information about our offers. The only required information is your email address; further details are voluntary and serve for personalised communication.

We use the double opt-in procedure: you will only receive the newsletter after confirming your subscription via a confirmation link in an email sent by us.

By confirming, you grant your consent pursuant to Art. 6(1)(a) GDPR.

You may unsubscribe from the newsletter at any time via the unsubscribe link in each edition or by contacting us. Your email address will then be promptly removed from the distribution list, unless you have consented to further use or a legally permitted use exists.

12.2 Advertising to Existing Customers

Where you have provided us with your email address in connection with the purchase of goods or services, we may send you information about comparable offers by email without separate consent, in accordance with Section 7(3) of the German Unfair Competition Act (UWG).

This processing is based on Art. 6(1)(f) GDPR (legitimate interest in personalised direct marketing).

You may object to the use of your email address for advertising purposes at any time. Upon receipt of your objection, we will promptly cease using your email address for these purposes.

13) Push Notifications

You may activate the receipt of push notifications through which we regularly inform you about our offers.

Activation requires your consent via the operating system settings. We document this process (in particular the time of activation and device identifier). On iOS devices, push notifications are delivered via Apple Push Notification Service (APNs, Apple Inc.).

The legal basis is Art. 6(1)(a) GDPR (consent).

You may revoke your consent at any time by deactivating push notifications in your operating system or App settings. Your data will be deleted once the push subscription is no longer active.

14) Social Media Links

Our App may contain links to social networks (Facebook, Instagram, TikTok, YouTube). These are exclusively static links (graphics or text) that only establish a connection to the respective network when you actively click on them.

As long as you do not click on a link, no data is transmitted to these networks. After clicking, further data processing takes place under the responsibility of the respective network and in accordance with its privacy policy.

15) Online Advertising

15.1 Advertising Identifier

For advertising purposes, we may use your device’s advertising identifier (e.g. IDFA on iOS, Google Advertising ID on Android). This is a unique but not directly personal and non-permanent identifier.

We use this identifier for serving and evaluating personalised advertising.

Legal basis is your consent pursuant to Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG. On iOS devices, consent is obtained via Apple’s App Tracking Transparency (ATT) framework. On Android devices, you may restrict the use of the advertising identifier in your device settings.

Without your consent, certain advertising or analytics functions may be restricted.

15.2 Google AdMob

We use Google AdMob (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland). AdMob uses cookies, web beacons or similar technologies to analyse App usage. The information generated may be transmitted to Google servers, including Google LLC in the USA.

Processing only takes place with your consent pursuant to Art. 6(1)(a) GDPR. Without consent, AdMob is not used.

You may revoke your consent at any time in the App’s privacy or consent settings.

15.3 Google Ads Conversion Tracking

We use conversion tracking by Google Ads (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) to measure the effectiveness of our advertising.

When you click on a Google ad, a tracking cookie is set that generally expires after 30 days and does not serve for personal identification.

Processing takes place exclusively with your consent pursuant to Art. 6(1)(a) GDPR.

16) App Analytics

Google Analytics 4
For analysing App usage, we use Google Analytics 4 (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland). GA4 operates on an event-based model and collects various technical identifiers and device information.

Google processes this data on our behalf to create usage reports and perform further analyses related to App usage. IP addresses are automatically anonymised.

Processing only takes place with your express consent pursuant to Art. 6(1)(a) GDPR. Without consent, Google Analytics is not activated.

We have concluded a data processing agreement with Google. For US transfers, Google has joined the EU-US Data Privacy Framework, insofar as the respective service is covered.

17) Retargeting and Remarketing

Google Ads Remarketing

We use the retargeting technology of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. A cookie or similar identifier is placed on your device to enable interest-based advertising. Further processing only takes place if you have consented to Google linking your internet and app browsing history with your Google account.

Processing takes place exclusively with your consent pursuant to Art. 6(1)(a) GDPR.

Meta Pixel

We may use the “Meta Pixel” service (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland) for conversion tracking. This allows us to determine whether users reached our App after clicking on an advertisement and performed certain actions.

Processing takes place exclusively with your consent pursuant to Art. 6(1)(a) GDPR. You may revoke your consent at any time with effect for the future.

We have concluded a data processing agreement with Meta to protect your data and prohibit unauthorised disclosure to third parties. The information generated by Meta is stored on Meta servers; transfers to servers of Meta Platforms Inc. in the USA may also occur. For US transfers, Meta has joined the EU-US Data Privacy Framework, insofar as the respective service is covered.

TikTok Pixel

We may use the “TikTok Pixel” provided by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. Data may also be transferred to ByteDance Ltd. or TikTok Inc. in the USA.

The TikTok Pixel is used for conversion tracking and retargeting. It allows us to determine whether users reached our App after clicking on a TikTok advertisement and performed certain actions. It also enables the delivery of interest-based advertising on the TikTok platform.

Processing takes place exclusively with your consent pursuant to Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG. You may revoke your consent at any time with effect for the future.

We have concluded a data processing agreement with TikTok to protect your data and prohibit unauthorised disclosure. For US transfers, TikTok relies on the EU-US Data Privacy Framework (where applicable) and on Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR.

18) International Data Transfers

In the processing activities described in this Privacy Policy, personal data may be transferred to recipients in third countries, in particular the USA. Such transfers are always carried out in compliance with the requirements of Art. 44 et seq. GDPR.

For US transfers, the service providers used rely — where applicable — on the EU-US Data Privacy Framework pursuant to Art. 45(1) GDPR in conjunction with the adequacy decision of the EU Commission of 10 July 2023.

Where no adequacy decision applies, Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR serve as the safeguard.

19) Your Rights as a Data Subject

19.1 Data protection law grants you the following rights vis-à-vis the controller:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Notification obligation / Right to be informed (Art. 19 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to withdraw consent (with effect for the future)
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

You may revoke any consent granted at any time with effect for the future. The lawfulness of processing carried out on the basis of consent prior to its withdrawal remains unaffected.

Where the App provides an account deletion function, you may use it in addition to exercising your rights. This function does not replace your statutory rights.

19.2 Right to Object

Insofar as we process your personal data on the basis of a legitimate interest, you have the right to object to such processing at any time on grounds relating to your particular situation.

Following your objection, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

Where your personal data is processed for direct marketing purposes, you have the right to object at any time and without stating reasons. Following your objection, processing for advertising purposes will cease immediately.

20) Retention Periods

The retention period for personal data depends on the legal basis, the purpose of processing and, where applicable, the relevant statutory retention periods. An overview:

• Technical log data (log files): max. 30 days (longer in case of an incident investigation)
• Account and profile data: until account deletion, followed by prompt deletion subject to statutory retention obligations
• Chat and communication data: until account deletion or independent deletion by the user
• Payment data: 6 to 10 years after end of contract (Section 147 AO / Section 257 HGB)
• Proof of consent: for the duration of the respective processing plus statutory limitation periods (generally 3 years from the end of the year)
• Support enquiries: after conclusive processing, provided no retention obligations apply

Where processing is based on consent (Art. 6(1)(a) GDPR), data is retained until consent is withdrawn.

Where processing is contract-related (Art. 6(1)(b) GDPR), deletion occurs after expiry of statutory retention periods, provided the data is no longer required for contract performance and no legitimate interest in further retention exists.

Where processing is based on legitimate interests (Art. 6(1)(f) GDPR), data is retained until you exercise your right to object under Art. 21(1) GDPR, unless compelling legitimate grounds override or processing serves the defence of legal claims.

Where processing serves direct marketing purposes (Art. 6(1)(f) GDPR), data is retained until you exercise your right to object under Art. 21(2) GDPR.

Otherwise, personal data is deleted once the purpose of processing has ceased, unless otherwise stipulated in this Privacy Policy.