Welcome to Embrace NOW. With our Native App and our website (hereinafter collectively referred to as the "App"), we provide you with an application that you can download to your mobile device. The App sees itself as a social media app for consumers with the aim of sharing dreams with the community as well as bringing soulmates together and into personal contact. Data protection is a particularly high priority for us and we want you to feel safe while using our app.
We have appointed as our representative within the European Union in accordance with Art. 27 (1), 3 (2) GDPR:
Fux Legal, Krausnickstrasse 10, 10115 Berlin, Germany, firstname.lastname@example.org
You have the following rights in relation to us in respect of personal data relating to you:
a. Right to information
You also have the right to obtain from us, at any time and free of charge, information about the personal data we hold about you and a copy of that information. You also have a right of access regarding the following information:
Furthermore, you have the right to be informed whether personal data have been transferred to a third country or to an international organisation. If this is the case, you also have the right to obtain information about the appropriate safeguards in connection with the transfer.
You have the right to request the immediate correction and/or completion of inaccurate or incomplete personal data concerning you. We must carry out the rectification without delay.
You have the right to request us to restrict processing if one of the following conditions is met:
If the processing of personal data relating to you has been restricted, this data - apart from being stored - may only be used with your consent or for asserting your rights, exercise or defence of legal claims or to protect the rights of another natural or legal person or on grounds of an important public interest of the Union or of a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by us before the restriction is lifted.
You have the right to request that we erase the personal data concerning you without undue delay, provided that one of the following reasons applies and to the extent that the processing is not necessary:
If the personal data have been made public by us and we as a controller are obliged to erase the personal data pursuant to Article 17(1) of the GDPR, we shall, taking into account the available technology and the cost of implementation, implement reasonable measures, including those of a technical nature, to inform other data controllers processing the published personal data that the data subject has requested from those other data controllers to erase all links to or copies or replications of the personal data, unless the processing is necessary.
The right to erasure does not exist insofar as the processing is necessary:
If you have asserted the right to rectification, erasure or restriction of processing against us, we are obliged to inform all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed about these recipients.
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us, provided that the processing is based on consent pursuant to Art. 6(1)(a) DSGVO or Art. 9(2)(a) DSGVO or on a contract pursuant to Art. 6(1)(b) DSGVO and the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Furthermore, when exercising your right to data portability pursuant to Article 20(1) of the GDPR, you have the right to have the personal data transferred directly from us to another controller, insofar as this is technically feasible and insofar as this does not adversely affect the rights and freedoms of other persons.
The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) DSGVO. This also applies to profiling based on these provisions.
We will no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
You have the right to object, on grounds relating to your particular situation, to the processing of your personal data which is carried out by us for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) DSGVO, unless such processing is necessary for the performance of a task carried out in the public interest.
You may contact us at any time to exercise your right to object. You are also free to exercise your right to object by means of automated procedures using technical specifications in connection with the use of information society services, notwithstanding Directive 2002/58/EC.
You have the right to withdraw your consent to the processing of personal data at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless the decision is necessary for the conclusion or performance of an agreement between you and us.
we take reasonable steps to safeguard your rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on our part, to express our own point of view and to contest the decision.
We do not carry out any automated decision making or profiling.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR. The supervisory authority to which the complaint has been lodged will inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR. The supervisory authority responsible for us is the Brandenburg State Commissioner for Data Protection and for the Right to Inspect Files, Stahnsdorfer Damm 77, 14532 Kleinmachnow Stahnsdorfer Damm 77, 14532 Kleinmachnow.
When using the app proactively, when registering, when logging in and when requesting a new password, we store the access data generated in the process in so-called server log files and partly in databases. This includes the date and time of the access, the amount of data transferred, the location and the IP address.
The legal basis for the temporary storage of your data and the log files is Art. 6 para. 1 lit. b DSGVO.
This data is evaluated exclusively to ensure the permanent and trouble-free operation of the app and to guarantee the proper functionality of the app as well as for transmission to law enforcement authorities in the event of a cyber attack and to ensure the security of our information technology systems. An evaluation of your data for marketing purposes does not take place in this context.
The collection of data for the provision of the app and the storage of the data in log files is absolutely necessary for the operation of our app. Consequently, there is no possibility to object.
If you open a user account via the app, we process the data required for this purpose and for the operation of the app, such as the selected user name, email address, soul picture, gender, date of birth, location, IP address, login data, chat content and such data and files that were stored in the user profile.
The legal basis for the processing of personal data is Art. 6 para. 1 lit. b DSGVO.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case for the data collected during the registration process when the user account is deleted.
In order to facilitate the registration process for our users, they are offered the option of opening an account via an existing account with a third-party provider. If a user decides to use this registration method, he or she will be forwarded directly to the selected third-party provider in a first step. There, the user is requested by the respective third-party provider to enter the access data in order to log in or register with the respective service. If the user is already logged in to the third party provider with the end device at this time, this request for registration is skipped. You can recognise the login options in the app by the integrated logos of the respective third-party provider. We currently offer the option of registering via an existing account with the following third-party providers:
If you use the option to register via a third-party provider, the app communicates with the server of the respective provider, whereby the data required to open the account and stored with the third-party provider is read and linked to the account.
The legal basis for this data processing is Art. 6 para. 1 lit. b DSGVO.
In order to be able to offer our users the most relevant recommendations for Soulmates and to improve the functionalities of our app, we process the location data of the respective user on the basis of Art. 6 para. 1 lit. a DSGVO. If the user consents to this processing by activating the location service, the location data collected in this way (longitude and latitude) or the desired location selected by the user is periodically transmitted to our servers and processed there.
Users can object to this data processing at any time in the future by deactivating this location service in the settings of their end device. For the smooth or unrestricted operation of the app, the collection of the current location data by activating the location service is absolutely necessary. Deactivating the location service may therefore restrict or completely disable the functionality of the app.
In order to provide our app together with all functionalities, in particular the login and the push message feature, we use the technology of Google Firebase, a service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (hereinafter referred to as "Firebase"). Firebase is part of the Google Cloud Platform and offers numerous services for developers. A list of these can be found here: https://firebase.google.com/terms/. The user data relevant for logging in and for the push messages are transmitted to Firebase and processed on its servers.
The data is processed on the basis of Art. 6 para. 1 lit. b DGSGVO, as the functions can only be guaranteed via Firebase.
The data processed by Firebase may be processed via servers outside of Europe, e.g. from the USA. We have concluded a contract with Firebase for commissioned data processing in accordance with Art. 28 DSGVO. In this contract, Firebase undertakes to protect the data of our users, to process it on our behalf in accordance with their data protection regulations and, in particular, not to pass it on to third parties.
Further information on data protection in connection with Google Firebase can be found at: https://www.firebase.com/terms/privacy-policy.html.
We secure our app and other systems through numerous technical and organisational measures against loss, destruction, access, modification or distribution of your data by unauthorised persons. To this end, we continuously update the firewalls we use, the encryption procedures and our security systems. Despite regular checks, complete protection against all risks is nevertheless not possible and cannot be guaranteed by us.
Your personal data will be deleted or blocked as soon as the purpose of the storage no longer applies or you revoke your consent. In addition, data may be stored if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the person responsible is subject. If the purpose of storage no longer applies, if you revoke your consent or if a storage period prescribed by the European Directive and Regulation Maker or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions, unless there is a necessity for further storage of the data for the conclusion or performance of a contract.
We inform you that the provision of personal data is sometimes required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). Sometimes, in order to conclude a contract, it may be necessary for you to provide us with personal data that must subsequently be processed by us. For example, you are obliged to provide us with your personal data if you conclude a contract with us. Failure to provide your personal data would mean that the contract with you could not be concluded.
STAND: June 2021