Privacy Agreement blindmate

Your data is your data

We only store and process data that is necessary for running the app or that we as developers consider absolutely necessary to improve the app. We have designed blindmate to provide you best possible privacy. We do not advertise on blindmate, we do not sell data. And to be as transparent as possible, we go beyond the legal requirements and list absolutely all the data we collect and explain how we use it. We hope that it is possible to run an app sustainably without selling users' data and to finance ourselves (in the long rund) through an affordable premium model without ever having to sell your data. Should this no longer be possible one day, we would inform you.

Please excuse language mistakes. We translated this document to give you as much transparency as we can, however, English is not our first language and legal documents are challenging to translate. Please let us know if you spot a mistake or something is unclear.

Overview

Information on the collection of personal data and contact details of the person responsible
What information is collected when using our services and how do we use this information?
Which data do we transfer to third parties, how, and for what purpose?
Duration of the storage of personal data
Rights of the data subject
Amendments to the provisions

1. 1. Information on the collection of personal data and contact details of the person responsible

1.1 Handling of personal data In the following, we provide information on how we handle your personal data when you use our app. Personal data are all data with which you can be personally identified.

1.2 Responsible person Responsible for data processing regarding this app in terms of the General Data Protection Regulation (GDPR) is BlindMate GmbH Laurenz Reichl 10559 Berlin Germany E-Mail: team@blindmate.de

Responsible for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

1.3 Measures for secure storage and transfer of data

All data is stored on servers in Germany, these servers are protected with a complex password.
For security reasons and to protect the transmission of personal data and other confidential content, our app uses SSL or TLS encryption.

2. What information is collected by us when you use blindmate?

Summary: The processing of stored data is necessary for the operation of our app and in order to improve the app. In particular, we collect information to identify and fix bugs (without drawing conclusions about your person). We analyse the basic features of user behaviour (frequency and regularity of various actions).

2.1 Using your photos or camera (with consent, optional) If you want to upload an image when you create your account or set up your search profile, we will ask you for permission to use your photos or camera. If you do not give this permission, we will not use this data. It will then not be possible to activate your search. You can later grant or revoke this consent in the settings of your operating system. If you allow access to this data, the app will only access your data and transfer it to our servers as far as it is necessary to provide the functionality. We will delete this data it when it is no longer required to provide the service or when you revoke the right to use it and there is no legal obligation to retain it. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f GMPR.

2.2 Collection of site data (with consent, optional) Our offer includes so-called Location Based Services, with which your search can be tailored to your particular location (this feature is optional) You can only use this function after you have agreed that we can collect your location data using GPS and your IP address for the purpose of providing services. You can allow or revoke this function in the settings of the App or your mobile operating system at any time.

2.3 Sending push notifications (with consent, optional) You can register to receive our push notifications. You will receive regular information about our services via our push notifications. In order to register, you must confirm the receipt of notifications or allow them in the settings of your operating system. This process is documented and saved. This includes saving the time of registration and your device identification. The collection of this data is necessary for us to be able to display the push notifications on the one hand and to be able to trace the processes in case of misuse on the other hand and therefore serves as a legal safeguard. This data is processed on the basis of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent to the storage and use of your personal data to receive our push notifications and the statistical survey described above at any time with effect for the future. To revoke your consent, you can unsubscribe from the designated setting for receiving push notifications in your app settings in your operating system. Your data will be deleted as soon as they are no longer required for the purpose of their collection. Your data will therefore be stored for as long as the subscription to our push notifications is active. Below, you can find a complete list of all data processed by us, as well as the purpose of use.

2.4 Information collected automatically

Informationen we collect	How we use this information
1. During download: When you download our app via an app store, the required information is transferred to the app store, in particular the e-mail address and customer number of your account, time of download, payment information and the individual device ID number.	We have no influence on this data collection and are not responsible for it. We process the data only to the extent necessary for downloading the mobile app to your mobile device.
2. Automatically, as soon as you start our app: Version of the app that is used Unique device ID (generated by us) System language of the machine Operating system and version Type of the smartphone IP adress Information about program versions installed on the server (e.g. browser versions) For troubleshooting purposes, we log the following data in the event of an error: A stack trace (i.e.: the information where in the code the error occurred and by which input data it was caused) A log of events within our app	This information helps us to ensure that the app runs and is displayed in the best possible way on your device, the ID allows your device to communicate with our servers. The data collected and transmitted in case of an error is necessary for us to analyse and correct errors. Note: especially in the current launch phase, we need to collect detailed context information (especially the mentioned event log) about errors in order to be able to track and fix problems. In the event of an error, the logged data is transmitted to our system. We do not use the error information to draw conclusions about your person.

Informationen we collect

How we use this information

1. During download:
When you download our app via an app store, the required information is transferred to the app store, in particular the e-mail address and customer number of your account, time of download, payment information and the individual device ID number.

We have no influence on this data collection and are not responsible for it. We process the data only to the extent necessary for downloading the mobile app to your mobile device.

2. Automatically, as soon as you start our app:

Version of the app that is used
Unique device ID (generated by us)
System language of the machine
Operating system and version
Type of the smartphone
IP adress
Information about program versions installed on the server (e.g. browser versions)

For troubleshooting purposes, we log the following data in the event of an error:

A stack trace (i.e.: the information where in the code the error occurred and by which input data it was caused)
A log of events within our app

This information helps us to ensure that the app runs and is displayed in the best possible way on your device, the ID allows your device to communicate with our servers.
The data collected and transmitted in case of an error is necessary for us to analyse and correct errors.
Note: especially in the current launch phase, we need to collect detailed context information (especially the mentioned event log) about errors in order to be able to track and fix problems.
In the event of an error, the logged data is transmitted to our system. We do not use the error information to draw conclusions about your person.

2.5 Information that is created when you use our app

Information we collect	How we use this information
1. When creating an account (necessary for using the app) Verification method (only visible to you): Phone number or google account information or Apple ID Username Date of birth Pronoun User ID Profile picture Your role on blindmate (dater or matchmaker) Invite links that were sent Installation parameters (referrers) Progress of login / registration Ad id Device information Information on the user that invited you	We need this information to register your account and show your profile to people you add as friends within blindmate. People to whom you have sent an invitation link can see your profile before they register. Other app users may see your profile as well. Registration progress, ad id, demographic data and device information is collected when a new user registers and is transmitted to third parties (see the section on data that is transmitted to third parties below)
2. Technical data that is automatically recorded when the app is used Device information Browser type and version Operating system used Host name of the accessing device Time of the server request IP adress	This information is necessary to make sure the app works for you and your contacts from a technical point of view.
3. To set up a search profile (optional) You can set up a search profile within our app. For this purpose the following data are necessary: Search settings: Types of relationship you are looking for Genders you are looking for Age preference Search location (text entry or one-time location sharing, see 2.2) Search status (search active/inactive) Profile settings Your gender Training and employment (optional) Up to 7 profile pictures (camera or upload, see 2.1)	Based on your search settings, the app will suggest matches to your friends. Your profile settings are the framework for how your profile looks when it is displayed to other people (friends and others).
3. Data that you generate when you use our app List of linked friends General app activity: how long is the app used each day In-app actions, e.g. swipes for friends, actions in the chat window Answers about friends Messages to friends/other people Icebreaker and profile sharing in blindchats Feedback (contacting blindmate) Reported users App settings Profile information Screens and dialogs that were opened	This data is processed and stored by us to enable these actions and to provide a good experience within our app. For example to … … create the profiles of your friends with your answers … find out which friends you like to search or answer questions for … display messages and ice breakers in chats … identify problems within the app by means of tooltips … to send you notifications. In order to find problems users have when using the app and in order to find out how to improve the app, we use the services Mixpanel and Amplitude. For this purpose, data is transmitted to the servers of these companies (see below).
4. Data that other users generate about you Data generated by your friends Free text answers Selection of response options (buttons, sliders) Profiles matched by friends Information from other users Other users can match you with their own friends Other users can report you	Your profile is shaped by your friends' answers (your attributes are calculated from your friends' answers, and stories from friends are displayed on your profile). Matches that your friends and other users create for you are displayed as blindchats

3. Which data do we transfer to third parties, how and for what purpose?

3.1 Storage on servers We store your data in Germany on the servers of netcup GmbH (Daimlerstraße 25, D-76185 Karlsruhe).

3.2 Data transfer The networks through which Your Data is sent is beyond our control.

3.3 Registration progress, ad id, device information, activity data, purchase history for marketing purposes In order to advertise blindmate on other platforms, we integrated Facebook SDK, Firebase Analytics, TikTok SDK and AppsFlyer SDK in the app. We configured these plugins to be disabled by default. They are only activated for new users: in this case, registration progress, ad id, device information and numbers that measure user activity (size of the friend cluster, in-app activity level) are transmitted to Meta Platforms Inc, Alphabet Inc, Bytedance Technology Ltd, and AppsFlyer Ltd. 7 days after signup, no more data is transmitted.

Additionally, data about in-app-purchases (not yet implemented) may be transmitted as well in the future.

3.4 Browser data for GIFs Our chat interface uses Tenor's API to provide support for animated GIFs. When using the chat: system data, software versions, search queries and the list of queried GIFs are transmitted to Tenor.

3.5 Authentication and push notifications We use the Google Firebase service for these services.

For registration or login after logout, you may identify using - phone number - google account - apple account Only the data required for this purpose (telephone number, google account, apple account, IP, time of the enquiry) are transmitted to Google Firebase, but no other data about your account. For push notifications, only the data necessary for this purpose (message content, device identification number, IP, time of the request), and no data about your other usage behaviour are transmitted to Google Firebase. You can deactivate the push notifications from the app or from your device settings.

3.6 For error analysis For error analysis, the automatically collected information described above (including primary account information) will be transmitted to the error logging service Sentry (sentry.io).

3.7 For improving the app In order to understand how users are using the app, which features are being used and where problems lie, we use the data analysis tools of Amplitude and Mixpanel. For this purpose, we transmit data to Amplitude, Inc. and Mixpanel, Inc. This includes information about screens and dialogues that were opened in the app, actions that were executed and demographic information like gender and age of the user.

4. Duration of the storage of personal data

Summary: As a rule, we store your data as long as you have an account with us. If your data is no longer used for the above purposes, it will be automatically deleted.

The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and - if relevant - additionally by the respective legal retention period (e.g. retention periods under commercial and tax law). When personal data is processed on the basis of express consent pursuant to Art. 6 para. 1 letter a GDPR, this data is stored until the person concerned revokes his or her consent. If there are legal retention periods for data which are processed within the framework of legal or similar obligations based on Art. 6 Para. 1 letter b GDPR, these data are routinely deleted after the retention periods have expired, provided that they are no longer required for the fulfilment or initiation of a contract and/or we have no justified interest in their further storage. When personal data are processed on the basis of Art. 6 Para. 1 letter f GDPR, these data are stored until the person concerned exercises his or her right to object in accordance with Art. 21 Para. 1 GDPR, unless we can prove compelling reasons for processing worthy of protection which outweigh the interests, rights and freedoms of the person concerned, or the processing serves to assert, exercise or defend legal claims. When personal data are processed for the purpose of direct advertising on the basis of Art. 6 Para. 1 letter f GDPR, these data are stored until the data subject exercises his or her right to object in accordance with Art. 21 Para. 2 GDPR. Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.

5. Rights of the data subject

Summary: You can insist on being informed about your data, on correction of your data, and on deletion of your data as well as all other rights that GDPR grants you, of course.

5.1 Your rights The applicable data protection law grants you comprehensive data subject rights (rights of information and intervention) vis-à-vis the data controller with regard to the processing of your personal data, about which we inform you below:

Right to information according to Art. 15 GDPR: In particular, you have the right to be informed about your personal data processed by us, the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right of rectification, erasure, restriction of processing, opposition to processing, complaint to a supervisory authority, the origin of your data if it has not been collected from you by us, the existence of automated decision making including profiling and, where applicable, meaningful information on the logic involved and the scope and intended effects of such processing on you, as well as your right to be informed of the guarantees provided under Art. 46 DPA when your data is transferred to third countries;
the right to rectification in accordance with Art. 16 GDPR: You have the right to have incorrect data relating to you corrected without delay and/or to have your incomplete data stored by us completed;
Right to information in accordance with Art. 15 GDPR: In particular, you have the right to be informed about your personal data processed by us, the purposes of the processing, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right of rectification, erasure, restriction of processing, opposition to processing, complaint to a supervisory authority, the origin of your data if it has not been collected from you by us, the existence of automated decision making including profiling and, where applicable, meaningful information on the logic involved and the scope and intended effects of such processing on you, as well as your right to be informed of the guarantees provided under Art. 46 GDPR when your data is transferred to third countries;
Right of cancellation in accordance with Art. 17 GDPR: You have the right to request the deletion of your personal data if the conditions of Art. 17, para. 1 GDPR are met. However, this right does not exist in particular if the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
Right to restrict processing in accordance with Art. 18 GDPR: You have the right to demand the restriction of the processing of your personal data as long as the accuracy of your data which you dispute is verified, if you refuse to delete your data due to unlawful data processing and demand instead the restriction of the processing of your data, if you require your data for the assertion, exercise or defence of legal claims, after we no longer require these data after the purpose has been achieved, or if you have lodged an objection for reasons of your particular situation, as long as it has not yet been established whether our justified reasons outweigh the objection;
Right to be informed in accordance with Art. 19 GDPR: If you have asserted the right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to notify all recipients to whom the personal data concerned have been disclosed of this rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of these recipients.
Right to data transferability in accordance with Art. 20 GDPR: You have the right to receive personal data which you have provided us with in a structured, common and machine-readable format or to request that it be transferred to another responsible party, insofar as this is technically feasible;
• Right to revoke consents granted pursuant to Art. 7 para. 3 GDPR: You have the right to revoke at any time, with effect for the future, any consent to the processing of data once granted. In the event of revocation, we will immediately delete the data concerned, unless further processing cannot be based on a legal basis for processing without consent. Revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation;
Right of appeal under Art. 77 GDPR: If you believe that the processing of personal data relating to you is in breach of the GDPR, you have the right - without prejudice to any other administrative or judicial remedy - to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place where the alleged breach occurs.

5.2 Right of objection If, in the course of weighing up the interests involved, we process your personal data on the basis of our overriding legitimate interest, you have the right to object to this processing at any time for reasons arising from your particular situation, with effect for the future. However, we reserve the right to further process the data if we can prove that there are compelling reasons for processing worthy of protection which outweigh your interests, fundamental rights and freedoms, or if the processing serves to protect the rights, exercise or defend legal claims.

5.3 How is objection possible? By deleting your account. We consider the deletion of your account as an objection to the processing of your data and will stop processing your data immediately. Alternatively send us an email to team@blindmate.de. Before we can delete your account, you will receive a code via SMS to authenticate yourself as the owner* of your profile.

6. Amendments to the provisions

It is possible that these conditions may change. We will inform you about changes here or, in the case of more extensive changes, through a message within the app.