We only store and process data that is necessary for running the app or that we as developers consider absolutely necessary to improve the app. We have designed BlindMate to provide you best possible privacy. We do not advertise, we do not sell data. And to be as transparent as possible, we go beyond the legal requirements and list absolutely all the data we collect and explain how we use it. We hope that it is possible to run an app sustainably without selling users' data and to finance ourselves (in the long rund) through an affordable premium model without ever having to sell your data. Should this no longer be possible one day, we would inform you.
Notice: We have just launched BlindMate and are working hard to fix bugs to make the app as good as possible for you. In order to find the bugs, we are currently collecting more data than planned in the long term. This data will be used by us solely to analyse the errors. This is primarily technical data, which we do not associate with your personal information. This data is processed by a third party plugin (Sentry), but is otherwise not visible to others. And while we're at it: even more than an error message, we welcome direct feedback from you.
Please excuse language mistakes. We translated this document to give you as much transparency as we can, however, English is not our first language and legal documents are challenging to translate. Please let us know if you spot a mistake or something is unclear.
1.1 Handling of personal data In the following, we provide information on how we handle your personal data when you use our app. Personal data are all data with which you can be personally identified.
1.2 Responsible person Responsible for data processing regarding this app in terms of the General Data Protection Regulation (GDPR) is Appiphany UG Laurenz Reichl 10559 Berlin Germany E-Mail: firstname.lastname@example.org
Responsible for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
1.3 Data protection officer The responsible person has appointed a data protection officer, who can be reached as follows: email@example.com
1.4 Measures for secure storage and transfer of data
Summary: The processing of almost all stored data is necessary for the operation of our app. In particular, we collect information to identify and correct errors (without drawing conclusions about your person). We analyse the basic features of user behaviour (frequency and regularity of various actions) in anonymous form in order to improve our app.
We want to emphasise that we do not sell your data to third parties.
2.1 Using your photos or camera (with consent, optional) If you want to upload an image when you create your account or set up your search profile, we will ask you in a pop-up for permission to use your photos or camera. If you do not give this permission, we will not use this data. It will then not be possible to activate your search. You can later grant or revoke this consent in the settings of your operating system. If you allow access to this data, the app will only access your data and transfer it to our servers as far as it is necessary to provide the functionality. We will treat your data confidentially and delete it when it is no longer required to provide the service or when you revoke the right to use it and there is no legal obligation to retain it. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f GMPR.
2.2 Collection of site data (with consent, optional) Our offer includes so-called Location Based Services, with which your search can be tailored to your particular location (this feature is optional) You can only use this function after you have agreed via a pop-up that we can collect your location data using GPS and your IP address in anonymised form for the purpose of providing services. You can allow or revoke this function in the settings of the App or your mobile operating system at any time. Your location will only be transmitted to us if you use the App to take advantage of functions that we can only offer if we know your location.
2.3 Sending push notifications (with consent, optional) You can register to receive our push notifications. You will receive regular information about our services via our push notifications. In order to register, you must confirm the receipt of notifications or allow them in the settings of your operating system. This process is documented and saved. This includes saving the time of registration and your device identification. The collection of this data is necessary for us to be able to display the push notifications on the one hand and to be able to trace the processes in case of misuse on the other hand and therefore serves as a legal safeguard. This data is processed on the basis of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent to the storage and use of your personal data to receive our push notifications and the statistical survey described above at any time with effect for the future. To revoke your consent, you can unsubscribe from the designated setting for receiving push notifications in your app settings in your operating system. Your data will be deleted as soon as they are no longer required for the purpose of their collection. Your data will therefore be stored for as long as the subscription to our push notifications is active. Below, you can find a complete list of all data processed by us, as well as the purpose of use.
2.4 Information collected automatically
|Informationen we collect||How we use this information|
|1. During download:
When you download our app via an app store, the required information is transferred to the app store, in particular the e-mail address and customer number of your account, time of download, payment information and the individual device ID number.
|We have no influence on this data collection and are not responsible for it. We process the data only to the extent necessary for downloading the mobile app to your mobile device.|
|2. Automatically, as soon as you start our app:
||This information helps us to ensure that the app runs and is displayed in the best possible way on your device, the ID allows your device to communicate with our servers.
The data collected and transmitted in case of an error is necessary for us to analyse and correct errors.
Note: especially in the current launch phase, we need to collect detailed context information (especially the mentioned event log) about errors in order to be able to track and fix problems.
In the event of an error, the logged data is transmitted to our system. We do not use the error information to draw conclusions about your person.
2.5 Information that is created when you use our app
|Information we collect||How we use this information|
|1. When creating an account (necessary for using the app)
||We need this information to register your account and show your profile to people you add as friends within BlindMate.
People to whom you have sent an invitation link can see your username, profile picture and user ID before they register. Friends of your friends can se your profile picture and your name.
|2. Technical data that is automatically recorded when the app is used
||This information is necessary to make sure the app works for you and your contacts from a technical point of view, for example to show others when you were last online (roughly).|
|3. To set up a search profile (optional)
You can set up a search profile within our app. For this purpose the following data are necessary (if not stated otherwise):
|Based on your search settings, the app will suggest matches to your friends.
Your profile settings are the framework for how your profile looks when it is displayed to other people (friends and others).
|3. Data that you generate when you use our app
||This data is processed and stored by us to enable these actions and to provide a good experience within our app.
For example to …
|4. Data that other users generate about you
||Your profile is shaped by your friends' answers (your attributes are calculated from your friends' answers, and stories from friends are displayed on your profile).
Matches that your friends and other users create for you are displayed as blindchats
Summary: We only transfer data to third parties if this is not technically feasible for us to avoid or if we are legally obliged to do so.
3.1 Storage on servers * We store your data in Germany on the servers of netcup GmbH (Daimlerstraße 25, D-76185 Karlsruhe). *3.2 Data transfer The networks through which Your Data is sent is beyond our control. 3.3 SMS notifications and push notifications We use the Google Firebase service for these services. For registration or login after logout, an SMS code will be sent to you to verify your telephone number. Only the data required for this (telephone number, IP, time of the enquiry ...) are transmitted to Google Firebase, and no data about your other usage behaviour. For push notifications, only the data necessary for this purpose (message content, device identification number, IP, time of the request ...), and no data about your other usage behaviour are transmitted to Google Firebase. You can deactivate the push notifications from the app or from your device settings.
3.4 For error analysis In the event of an error, the automatically collected information described above will be transmitted in bundled form via the error logging service "Sentry".
Summary: As a rule, we store your data as long as you have an account with us. If your data is no longer used for the above purposes, it will be automatically deleted or made anonymous.
The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and - if relevant - additionally by the respective legal retention period (e.g. retention periods under commercial and tax law). When personal data is processed on the basis of express consent pursuant to Art. 6 para. 1 letter a GDPR, this data is stored until the person concerned revokes his or her consent. If there are legal retention periods for data which are processed within the framework of legal or similar obligations based on Art. 6 Para. 1 letter b GDPR, these data are routinely deleted after the retention periods have expired, provided that they are no longer required for the fulfilment or initiation of a contract and/or we have no justified interest in their further storage. When personal data are processed on the basis of Art. 6 Para. 1 letter f GDPR, these data are stored until the person concerned exercises his or her right to object in accordance with Art. 21 Para. 1 GDPR, unless we can prove compelling reasons for processing worthy of protection which outweigh the interests, rights and freedoms of the person concerned, or the processing serves to assert, exercise or defend legal claims. When personal data are processed for the purpose of direct advertising on the basis of Art. 6 Para. 1 letter f GDPR, these data are stored until the data subject exercises his or her right to object in accordance with Art. 21 Para. 2 GDPR. Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.
Summary: You can insist on being informed about your data, on correction of your data, and on deletion of your data as well as all other rights that GDPR grants you, of course.
5.1 Your rights The applicable data protection law grants you comprehensive data subject rights (rights of information and intervention) vis-à-vis the data controller with regard to the processing of your personal data, about which we inform you below:
5.2 RIGHT OF OBJECTION If, in the course of weighing up the interests involved, we process your personal data on the basis of our overriding legitimate interest, you have the right to object to this processing at any time for reasons arising from your particular situation, with effect for the future. However, we reserve the right to further process the data if we can prove that there are compelling reasons for processing worthy of protection which outweigh your interests, fundamental rights and freedoms, or if the processing serves to protect the rights, exercise or defend legal claims.
5.3 How is objection possible? By deleting your account. We consider the deletion of your account as an objection to the processing of your data and will stop processing your data immediately. Alternatively send us an email to firstname.lastname@example.org. Before we can delete your account, you will receive a code via SMS to authenticate yourself as the owner* of your profile.
It is possible that these conditions may change. We will inform you about changes here or, in the case of more extensive changes, through a message within the app.