Privacy Policy

 Whos This GmbH

MOBILE APPLICATION

Effective Date: 20 October 2022

 

Whos This GmbH (WHOS THIS”) cares about your privacy and processes your personal data in accordance with applicable data protection laws. In this Privacy Policy (“Policy”), we describe which personal data we collect and process in connection with the Whos This GmbH mobile application (“App”) and the services available through this App as well as how we use this data. References in this Policy to WHOS THIS, we or us shall mean Whos This GmbH, Meerbuscher Straße 111, 40670 Meerbusch, Germany.

To learn more, click on one of the links below to jump to the listed section:

What types of personal data do we collect about you and how do we collect it?

For what purposes do we use your personal data and based on which legal basis?

Who will we share this data with?

Is your personal data being transferred?

Children’s privacy

What rights do you have in relation to your data?

What tools can you use in the App to make use of your rights?

How long will we retain your data?

How do we protect your data?

How and when do we change this Policy?

Data controller and contacting us

California

Nevada

Virginia

You may have additional rights if you are based in one of the following jurisdictions: California, Nevada, or Virginia. Please visit the relevant section at the end of the Policy.

What types of personal data do we collect about you and how do we collect it?

We may collect and process the following categories of personal data when you interact with us and our App. We collect this data directly from you, from third parties, and automatically through your use of our App or the services available through the App, in each case always insofar as such collection and processing is permitted for the respective purpose in accordance with applicable data protection laws, including obtaining your consent where required under law.

Personal data we collect directly from you:

·       App Store Information: When downloading the App, the information required for doing so is transmitted to the ‘App Store’, in particular the username, email address and customer number of your account, time of the download and the individual device designation number. We process this data only to the extent necessary for downloading the App to your mobile device. The data is not stored for any other purpose.

·       Account/Registration Information: When you register with an account to the App, based on your voluntary entering of relevant information, will obtain your username, email address, phone number, and password. This information is collected to help you complete your App account registration so that we can provide our services and protect the security of your account.

·       Profile Information: When you complete your profile in the account following the registration process, you might decide to share with us additional information, such as your self-introduction and profile photo. You might also opt to upload your social media network memberships within your App profile and to share with us your name as well as your date of birth, and gender forming part of your respective social media network membership. To this aim, you will be asked to make a selection by clicking on a button with a social media platform you are a member of and then to manually enter the URL link/user name of your social media network membership; in cases like WhatsApp, you will be asked to enter a phone number. To add certain content, like pictures, you may allow us to access your camera or photo album. The information you voluntarily add as part of your profile will be visible to other users of the App only if you decide to display this information. You can adjust the visibility of the information to other users in your account settings as set out in section “What rights do you have in relation to your data?” and “What tools can you use in the App to make use of your rights?” below.

·       Content You Publish in the App: We also process the content you publish, as necessary for the operation of the services.

·       Information We Process to Fulfil Requests in Connection with Certain Features: If you share with us information about other people (for example, if you use contact details of a friend for a given feature), we process this information on your behalf in order to complete your request.

·       Customer Support Information: If you contact our customer support team, we collect the information you give us during the interaction.

·       Marketing information: We may collect and process marketing and communications data such as your preferences in relation to receiving marketing from us and third parties and for the ways we communicate with you when you give us your data by filling in forms and by corresponding with us by post, phone, email or otherwise when you request marketing materials. We sometimes also give you the ability to take part in surveys where we ask you to give us such information as email address and your feedback about our products and services. We may also ask you to subscribe to receive newsletters about our products. We will only process your data for the purposes in this paragraph if we are allowed to do so under applicable law (because you consented to it or otherwise). You may opt-out of receiving marketing emails by following the unsubscribe instructions at the bottom of the email, or emailing us at info@whosthis.com with the word UNSUBSCRIBE in the subject field of the email. Please note that you cannot opt out of transactional emails.

·       Participation in Promotions and Other Events: When you choose to participate in our promotions, events or contests, we collect the information that you use to register or enter.

 

Personal data we collect from third parties:

  • Information Other Users of the App May Provide about You. Other users of the App may provide information about you as they use our services, for instance as they interact with you or upload, sync or import your contact information.

 

Personal data we collect automatically through your use of our App and the services available through the App:

 

·       App, Device and Usage Information: Depending on your use of the App and on your App settings, we might collect data generated in connection with your use of the App and the services. This data might be collected directly through parts of the App or the third party SDK’s embedded in the App. The relevant data includes

o   Your browsing duration within the App and your click and behaviour in the App;

o   The App community articles that you browse;

o   Your App settings and device identifiers (such as App language, operating system information (name and version); system language; name and version of application (including database version); device information (brand and model); IP address; provider name; signal strength (UMTS, LTE); Wi-Fi signal strength; and information on type of use (e.g., which functions were used and when);

o   Your interactions with other members (e.g., members you connect and interact with, when you exchanged with them, number of messages you send and receive);

o   Contact details in your address book (we only have access to the information subject to your permission but do not store the information);

o   Your media files (subject to your permission).

·       Geolocation Data through the App (with your permission): If you give us permission, we can collect your precise geolocation (latitude and longitude). The collection of your geolocation may occur in the background even when you are not using the services if the permission you gave us expressly permits such collection. If you decline permission for us to collect your precise geolocation, we will not collect it.

If you decide to use the function “Take me Home”, with your permission, we can collect and share within the App your precise geolocation (latitude and longitude) with another App user selected by you from your contacts, which will be listed under the “Take me Home” function. The user selected by you when using this function then receives a request, which they must confirm to initiate the “Take me Home” function.

 

Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Note, however, there is no industry consensus as to what site and app operators should do with regard to these signals. Accordingly, unless and until the law is interpreted to require us to do so, we do not monitor or take action with respect to “Do Not Track” signals.  For more information on “Do Not Track,” visit http://www.allaboutdnt.com.

 

 

 

 

 

 

For what purposes do we use your personal data and based on which legal basis?

 

Depending on the country in which you are located, we will only process your personal data in accordance with applicable law and with transparency and fairness when we have a legal basis for processing as listed below:

Purpose

Legal Basis (where required under applicable law)

To provide customer support and to respond to your requests and enquiries, including

·       Communicate with you about the services, including by sending you announcements, updates, security alerts, and support and administrative messages;

·       Provide support and maintenance and to respond to your requests, questions, and feedback.

The processing is necessary for the performance of the contract with you, Art. 6 (1) sentence 1 lit. b) GDPR and we have a legitimate interest in providing assistance while using the App, Art. 6 (1) sentence 1 lit. f) GDPR.

To create and manage your App account and register you, to deliver the App’s services and to assist you while you use the App, including

·       Verifying your identity;

·       Communicating with you;

·       Providing customer services and arranging the other provision of services;

·       Maintaining your profile;

·       Showing other users in a radius of 3 to 164 feet and allowing users to view each other’s App profiles and connect with each other when using the radar function of the App;

·       Accessing your media photos (subject to your permission), e.g., in order to publish community posts.

The processing is necessary for the performance of the contract with you, Art. 6 (1) sentence 1 lit. b) GDPR and we have a legitimate interest in providing assistance while using the App, Art. 6 (1) sentence 1 lit. f) GDPR.

To monitor customer accounts to prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime, in accordance with applicable laws, including filtering posts with sensitive words or pictures in the posts and filtering sensitive words or pictures in user’s comments.

The processing is necessary for compliance with a legal obligation to which we are subject, Art. 6 (1) sentence 1 lit. c) GDPR.

We have a legitimate interest in enforcing our Terms and Conditions concerning acceptable use, Art. 6 (1) sentence 1 lit. f) GDPR.

To improve the App and our services as well as to develop new features and services by helping us understand who uses the App and how it is being used, including to

·       Analyse the total amount of users' likes, browsing and other behaviours through data collected so as to make reasonable estimates;

·       Conduct surveys;

·       Collecting statistics on monthly active users.

On the basis of Art. 6 (1) sentence 1 lit. c) GDPR as far as the respective processing is necessary for compliance with a legal obligation or other regulatory obligations.

We have a legitimate interest in improving our App, Art. 6 (1) sentence 1 lit. f) GDPR (as far as not already covered by Art. 6(1) sentence 1 lit. c) GDPR).

You have given consent to the processing, Art. 6 (1) sentence 1 lit. a) GDPR (as far as not already covered by Art. 6(1) sentence 1 lit. c) or f) GDPR).

To share data with our service providers acting according to our instructions as our data processors (i.e., those hosting data for us or providing their SDK’s to us as data processors, including FKT 42 GmbH SDK the purpose of community content detection and for statistical analysis).  

We have a legitimate interest in using vendors to provide our business services, Art. 6 (1) sentence 1 lit. f) GDPR.

To share data with our business partners to provide a product or service you have requested.  

The processing is necessary for the performance of the contract with you, Art. 6 (1) sentence 1 lit. b) GDPR and we have a legitimate interest in sharing data with our business partners to provide our services, Art. 6 (1) sentence 1 lit. f) GDPR.

To provide you with news and newsletters, special offers, promotions and other information about our products and services.

Based on our legitimate interest (Art. 6(1) sentence 1 lit. f) GDPR) or your consent (Art. 6 (1) sentence 1 lit. a) GDPR) as required by applicable law.

To comply with applicable legal or regulatory obligations, including, but not limited to, use in connection with legal claims, compliance, regulatory, investigative purposes (including disclosure of such information in connection with legal process or litigation) and informal requests from law enforcement or other governmental authorities. We will notify user of the information request or submission as, and if, allowed.

The processing is necessary for compliance with a legal obligation to which we are subject, Art. 6 (1) sentence 1 lit. c) GDPR.

The day to day running and management of the business including to monitor, maintain and improve the processes, information and data, technology and communications solutions and services we use.

We have a legitimate interest to manage our business including to maintain ongoing operations and to improve and strengthen our operations, Art. 6 (1) sentence 1 lit. f) GDPR.

Protecting our rights and interests as well as the rights and interests of our users and any other person. This includes, but is not limited to, monitoring and ensuring compliance with legal and regulatory requirements or as otherwise necessary in the course of judicial or administrative proceedings.

Based on legal obligations under EU or Member State law we are subject to or our legitimate interests to enable our business (Art. 6 (1) sentence 1 lit. c) GDPR) and where our interests are not overridden by your data protection rights (Art. 6 (1) sentence 1 lit. f) GDPR).

Sharing your personal data with our advisers, any prospective purchaser’s advisers, and the new owner of the business in the event we sell or transfer all or a portion of our business or assets in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.

We have a legitimate interest for sharing your information for that purpose, Art. 6 (1) sentence 1 lit. f) GDPR.

To collect specific information such as your precise geolocation.

You have given consent to the processing, Art. 6 (1) sentence 1 lit. a) GDPR.

 

Where required under applicable law, we have carried out balancing tests for the data processing based on our or a third party’s legitimate interests to ensure that such legitimate interest is not overridden by your interests, fundamental rights or freedoms. Further information on our balancing tests related to processing based on our legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR) can be obtained upon request (see contact details below at the end of this Policy).

We will not use or otherwise process your personal data for any other purposes, unless we have legal grounds to do so (e.g., you provide us with your additional consent before such use). We do not use your personal data for profiling or other automated decision making without human intervention.

If you provide us with any information or material relating to another individual, you must make sure that the sharing with us and our further use as described to you from time to time is in line with applicable laws, so for example you should duly inform that individual about the processing of her/his personal data and obtain her/his consent, as may be necessary under applicable laws.

Who will we share this data with?

We may share personal data with the following parties, in each case always only in accordance with applicable data protection laws, including obtaining your consent where required under law:

We share your personal data on your behalf with other members when you voluntarily disclose information in the App (including your profile). Please be careful with your information and make sure that you are comfortable with the content being visible to other users of the App. If you choose to limit your visibility in the App (e.g., by using the ghost mode or home zone), then it will be visible according to your settings.

Furthermore, we use service providers for commissioned data processing (see examples above in section “For what purposes do we use your data and based on which legal basis?”) whom we have instructed with the data processing within the scope of this Policy within the framework of our App's technical infrastructure. These third parties assist us with various tasks, including hosting of data for us in Germany, Gunzenhausen, providing IT support services by a service provider located in Germany, Hamm, providing their SDK’s for enabling functions of our App and otherwise to provide the services that you request.  

We may share your personal data with other third parties whose feature you use in connection with the App and the services provided through the App or with your consent.

Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of our legitimate interests in compliance with applicable laws.

We may disclose your personal data to third parties when we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms and Conditions or this Policy, or as evidence in litigation in which we are involved.

In the event that we sell or transfer all or a portion of our business or assets in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution, your details may be disclosed to our advisers and any prospective purchaser’s adviser and may be passed to the new owners of the business.

Is your personal data being transferred?

We do not transfer the personal data that we hold about you from your country or jurisdiction to other countries or jurisdictions around the world.

Children’s privacy

We do not knowingly collect personal data from children under the age of 16, and in the event that we learn that a child under the age of 16 has provided information on the App, we will delete that information as soon as possible.

 

What rights do you have in relation to your data?

Depending in the country where you reside, you may have certain rights. 

If you are a resident of the EEA, you generally have the right to ask us:

  • for access to and a copy of your personal data that we hold (Art. 15 GDPR)
  • that some of your personal data is provided to you or sent to another data controller in a commonly used, machine readable format (Art. 20 GDPR)
  • to update or correct your personal data in order to make it accurate (Art. 16 GDPR)
  • to delete your personal data from our records in certain circumstances (Art. 17 GDPR)
  • to restrict the processing of your personal data in certain circumstances (Art. 18 GDPR)

And you may also have a right:

  • withdraw your consent anytime (Art. 7(3) sentence 1 GDPR) where we rely on your consent to process your personal data. Your withdrawal does not affect the legality of the processing carried out based on your consent until the withdrawal. In some cases, you may withdraw your consent by adapting your settings (for instance in relation to the collection of your precise geolocation). In any case, you may withdraw your consent at any time by contacting us at the email address provided at the end of this Policy, or in case of electronic direct marketing, by following the instructions in the communication; and
  • to object to us processing your personal data in certain circumstances (e.g., in case we process your data for direct marketing purposes – Art. 21 GDPR).

These rights may be limited in some situations – for example, where we can demonstrate that we have a legal requirement to process your data or if making the information available to you would reveal personal data about another person or if we are legally prevented from disclosing such information. In some instances, this may mean that we are able to retain data even if you withdraw your consent.

We hope that we can satisfy any queries you may have about the way we process your data. If you have any concerns about how we process your data you can contact us as described below in the section “Data controller and contacting us”.

In the event you still have unresolved concerns, you also have the right to lodge a complaint with a supervisory authority, in particular the data protection authority in the Member State of your habitual residence or place of work.

Finally, please note that where we require personal data to comply with legal or contractual obligations, then provision of such data is mandatory: if such data is not provided, then we will not be able to manage our contractual relationship, or to meet obligations placed on us. In all other cases, provision of requested personal data is optional.

If you are based in California, Nevada, or Virginia, you may have additional rights. Please visit the relevant section at the end of the Policy.

What tools can you use in the App to make use of your rights?

Tools and account settings can help you access, correct or delete information that you provided to us and that is associated with your account in the App. If you have any questions on those tools and settings, please contact our customer care team for help under the email address set out below.

In addition, as other mobile platforms, our App has a permission system for specific types of device data and notifications, such as push notifications and showing age and/or gender in profile. You can change your settings on your device to either consent or oppose the collection or processing of the corresponding information or the display of the corresponding notifications or information. Of course, if you do that, certain services may lose functionality.

You can stop all information collection by the App by uninstalling it using the standard uninstall process for your device.

 

How long will we retain your data?

We retain your personal data for as long as it is necessary and relevant for the purposes described in this Policy. The criteria used to determine the retention periods include: (i) how long the personal data is needed to provide the services and operate the business; (ii) the type of personal data collected; and (iii) whether we are subject to a legal, contractual or similar obligation to retain the personal data (e.g., mandatory legal data retention periods (tax/bookkeeping), government orders to preserve data relevant to an investigation, or data that must be retained for the purposes of litigation or disputes (e.g., we may retain data for an appropriate period (e.g. standard limitation period) after any relationship with you ends to protect ourself from legal claims, or to administer our business).

Where you are a customer, we will keep your data for the duration of any contractual relationship you have with us, and, to the extent permitted, after the end of that relationship for as long as necessary to perform the purposes set out in this Policy in accordance with applicable law.

Where we process personal data with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to process your data so that we can respect your request in future.

How do we protect your data?

 

We strive to maintain the highest standards of security and WHOS THIS has put in place robust technical and organizational measures for the protection of your data in accordance with the current, general state of technology, especially to protect the data against loss, falsification, or access by unauthorized third persons. However, the transmission of information via the internet is not completely secure. So, whilst we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted via our App. Any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to prevent unauthorized access.

How and when do we change this Policy?

This Policy is current as of the Effective Date set forth above. We reserve the right to change this Policy from time to time. Any changes to our Policy will be posted in the App. Where changes to this Policy will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, we will give you sufficient advance notice by notifying you by email or by a pop-up banner in the App as required by applicable law so that you have the opportunity to exercise your rights.

Data controller and contacting us

The data controller for your personal data is Whos this GmbH, Meerbuscher Straße 111, 40670 Meerbusch, Germany, email: moc.sihtsohw@ofni‎.

If you have any questions about this Policy or the processing of your personal data in connection with your use of the App or the services available through the App, or if you experience any difficulty accessing the information in this Policy, please feel free to contact us

- Via regular post under the abovementioned address, to the Attention of Legal;

- Via e-mail at moc.sihtsohw@ofni‎.

 

California

The California Consumer Privacy Act as replaced by the California Privacy Rights Act (“CCPA”), provides additional rights to California residents. This section addresses those rights and applies only to California residents. Any rights specifically relating to the California Privacy Rights Act shall not take effect until January 1, 2023.

Notice of Collection

We have collected the following categories of personal information (as described in the CCPA) in the past 12 months. For further details on the personal information we collect and how we obtain this information, please review the “What types of personal data do we collect about you and how do we collect it?” section above.

·       Identifiers, including name, postal address, email address, and online identifiers (such as IP address). 

 

·       Customer records, including phone number, billing address, and credit or debit card information. 

 

·       Characteristics of protected classifications under California or federal law, including gender. 

 

·       Commercial or transactions information, including records of products or services purchased, obtained, or considered.

 

·       Internet activity, including browsing history, search history, and interactions with a website, email, application, or advertisement.

 

·       Non-precise geolocation data, including location derived from an IP address.

 

·       Professional, employment, or education-related information.

 

·       Inferences drawn from any of the information identified in this section.

 

We collect and use this personal information for the business purposes set out in the “ For what purposes do we use your personal data and based on which legal basis?” section above. We disclose this personal information to the categories of persons set out in the “ Who will we share this data with?” section above.

In addition, we have collected the following categories of sensitive personal information (as described in the CPRA) in the past 12 months: your precise geolocation. We collect, use, and disclose this sensitive personal information as necessary to perform the services or provide the goods reasonably expected by an average consumer who requests such goods or services, and for other permissible business purposes under the CCPA.

We do not “sell” or “share” your personal information as those terms as defined by the CCPA.

Right to Know, Correct, and Delete

You have the right to know certain details about our data practices. In particular, you may request the following from us:

·       The categories of personal information we have collected about you; 

·       The categories of sources from which the personal information was collected;

·       The categories of personal information about you we disclosed for a business purpose or sold or shared;

·       The categories of persons to whom the personal information was disclosed for a business purpose or sold or shared;

·       The business or commercial purpose for collecting or selling or sharing the personal information; and

·       The specific pieces of personal information we have collected about you.

 

Unless you specify otherwise, the response we provide will cover the 12 month period preceding our receipt of the request. Starting with personal information collected on or after January 1, 2022, you may request that we disclose details beyond the 12-month period, and we shall do so unless doing so proves impossible or would involve a disproportionate effort.

 

In addition, you have the right to correct (effective January 1, 2023) or delete the personal information we have collected from you. These rights also apply to sensitive personal information.

 

To exercise any of these rights, please email us at info@whosthis.com. If you have an account with us, we may require you to use the account to submit the request. In the request, please specify which right you are seeking to exercise and the scope of the request. We will confirm receipt of your request within 10 days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your request.

You have the right not to receive discriminatory treatment by us for the exercise of any your rights.

Authorized Agent

You can designate an authorized agent to submit requests on your behalf. However, we will require written proof of the agent’s permission to do so and verify your identity directly.

Minors

If you are a California resident under 18 years old and registered to use the services, you can ask us to remove any content or information you have posted on the services. To make a request, email us at info@whosthis.com with “California Under 18 Content Removal Request” in the subject line, and tell us what you want removed. We will make reasonable good faith efforts to remove the post from prospective public view, although we cannot ensure the complete or comprehensive removal of the content and may retain the content as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Shine the Light

 

Customers who are residents of California may request (i) a list of the categories of personal information (as that term is defined by Shine the Light) disclosed by us to third parties during the immediately preceding calendar year for those third parties’ own direct marketing purposes; and (ii) a list of the categories of third parties to whom we disclosed such information. To exercise a request, please write us at the email or postal address set out in the “Data controller and contacting us section” above and specify that you are making a “California Shine the Light Request.” We may require additional information from you to allow us to verify your identity and are only required to respond to requests once during any calendar year.

 

Nevada

 

We do not sell and will not sell your covered information (as those terms are defined by NRS 603A.340).

 

Virginia

 

The Virginia Consumer Data Protection Act (“VCDPA”) provides additional rights to Virginia residents. This section addresses those rights and applies only to Virginia residents. Any rights shall not take effect until January 1, 2023.

 

You have the following rights under the VCDPA:

·       To confirm whether or not we are processing your personal data

·       To access your personal data

·       To correct inaccuracies in your personal data

·       To delete your personal data

·       To obtain a copy of your personal data that you previously provided to us in a portable and readily usable format

·       To opt out of the processing of personal data for purposes of targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects concerning you

 

To exercise any of these rights, please contact us at info@whosthis.com and specify which right you are seeking to exercise. We will respond to your request within 45 days. If you have an account with us, we may require you to use the account to submit the request. We may require specific information from you to help us confirm your identity and process your request.

 

If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us at info@whosthis.com and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the Virginia Attorney General at https://www.oag.state.va.us/consumercomplaintform.

 

October 2022, version 1.0