for the mobile app Spotted and the website www.spotted.de as offers of dua
AG.
Status: February 2023
Introduction
dua AG, Leutschenbachstrasse 95, 8050 Zurich, Switzerland, (hereinafter: "dua AG" or "we/us"), as the
data controller, operates a platform for chatting, getting to know and meeting other people
(hereinafter: "Spotted") under the domain "www.spotted.de" and associated sub-pages (hereinafter:
"Spotted domain") and with the help of the mobile app Spotted (hereinafter: "Spotted app") available
for download for various operating systems
The service offered is a freemium model, whereby the user of Spotted (hereinafter: "User" or "You")
can create a profile (hereinafter: "User Profile") free of charge via the Spotted app, upload
pictures and exchange information with other users and their User Profiles if interested. The User
has the option to take advantage of features such as the chat, encounter stream and many other
features of Spotted. Spotted also offers a paid premium service that allows users to access
additional, exclusive features.
The offer of Spotted also serves a real get-to-know-you in one's own area, it belongs to the
so-called dating services. Registration is possible from the age of 18.
This privacy policy explains how personal data is handled. Personal data is individual information
about personal or factual circumstances of a specific or identifiable natural person. This includes,
for example, name, birthday, telephone number, but also e-mail address and usage data, such as the
IP address. Furthermore, the privacy policy serves to provide information about which data is
collected, stored and processed and how dua AG ensures the protection and security of personal data.
.
dua AG does not require users to use their real names. The user can also enter a pseudonym instead
of a name.
This Privacy Policy is structured as follows:
1. How is my data collected, processed and used when I download the Spotted app?
1.1. Download the Spotted app
1.2. Installation and permissions
2. How my data is collected, processed and used when visiting the Spotted domain or the Spotted app without creating a user profile at Spotted?
3. How is my data collected, processed and used after creating a user profile and when using the Spotted app or Spotted domain offer?
3.1 Mandatory data when creating the user profile
3.2 Voluntary data
3.3 Location data
3.4 IP addresses
3.4 Payment data
4. How is my data used by Spotted for advertising purposes?
4.1. What data is used for advertising purposes and who receives the data?
4.2. What is the Advertiser ID and how is it used?
4.3. Use of location data
5. What cookies, tracking providers, analytics services does Spotted use? How are social media and like buttons integrated?
5.1 Cookies and cookie policy
5.2 Tracking providers, analysis services
5.3 Social Media Shortcuts
5.4 Integration of like/share buttons, social plugins
5.5 Facebook Connect
6. How data is disclosed or passed on?
6.1 General information on the disclosure of personal data
6.2 Categories of data recipients
7. How is data processed and used for anti-spam purposes?
8. What's the process of deleting data and creating backups?
9. What data security measures are in place at Spotted?
10. User rights: consent and revocation, information, correction, deletion, transfer
10.1 Consent and revocation
10.2 Information, correction, deletion, transfer
11. Modification of the privacy policy
12. Contact person for data protection
1. How will my data be collected, processed and used when I download the Spotted app?
1.1. Downloading the Spotted App
When downloading the Spotted app, the necessary information is transferred to the respective app store operator. Depending on the app store, this is, for example, the email address or the customer number of the app store user of the respective app store, the time of the download and an individual device identification number. However, dua AG has no influence on this data collection and is not responsible for it. The corresponding data protection declarations/ settings of the respective app store operator apply.
dua AG processes the data provided by the respective app store operator as far as this is necessary for downloading the Spotted App to the end device.
1.2. Installation and Authorizations
For the technical functionality of the Spotted App and for the provision of the services offered with the Spotted App, Spotted requires various access options and information.
Depending on the operating system, permission to access individual functions and information is already requested during the installation process. The access permissions include, among others, location, notifications, and mobile data.
Under the settings of the end device, these permissions can be partially revoked manually. However, it should be noted that the Spotted app can only be used to a limited extent or not at all without the corresponding permissions. Depending on the app version, permissions are requested before or after installation.
2. How is my data collected, processed and used when visiting the Spotted domain or the Spotted app without creating a user profile with Spotted?
dua AG uses the personal data that the user provides or that is collected when using Spotted without creating a user profile without separate consent solely for the purpose of implementing the user relationship and as described in this Privacy Policy.
When merely visiting the Spotted domain (on a so-called landing page/start page) or installing the Spotted app without creating a user profile, dua AG collects the following data transmitted by the user's terminal device or browser:
As well as, in addition, during the mere installation of the Spotted app without registration or creation of a user profile, the following data transmitted by the user's terminal device used:
This data is required for the use of the Spotted domain or installation of the Spotted app as such, or is used for evaluation for statistical purposes to optimize Spotted. The data is processed and used to prevent and combat fake profiles, illegal activities and spam, as well as to ensure the integrity and stability of the Spotted platform.
The location data is collected, processed and used so that the user can use the so-called location-based service, with which he is offered suggestions tailored to the respective location from registration. For more details on the use of location data, see also points 3.3 and 4.3. Furthermore, Spotted uses cookies (see point 5.1), analysis services and tracking providers (see point 5.2).
3. How is my data collected, processed and used after creating a user profile and when using the Spotted app or Spotted domain?
dua AG uses the personal data that the User provides or that is collected during the use of Spotted after a User profile has been created, without separate consent, solely for the purpose of implementing the user relationship and as described accordingly in this Privacy Policy. In order to use Spotted to its full extent, it is necessary for the user to create a user profile. For this purpose, the user must provide additional personal data, which dua AG uses to provide the respective service.
The user can also voluntarily register with his Spotted user profile for other services of dua AG. In this case, the profile data such as name, gender, age and contact data are processed in the dua apps used in this way. However, even in these cases, dua AG remains the data controller as the operator of Spotted, as described above. Further information on how dua AG processes personal data can also be found at dua AG Privacy Policy.
3.1 Mandatory information when creating the user profile
When creating the user profile and registering, the following information must be provided:
The data provided is collected, processed and used for the purpose of using Spotted. Among other things, the information is used for addressing, authentication, age verification, personalization of the profile, display of other matching user profiles as well as for advertising purposes (see also point 4).
3.2 Voluntary data
The user can provide a variety of voluntary information in his user profile. This serves in particular the function of Spotted to select recommendations for other user profiles according to different criteria for the user and to display them within Spotted. Additional information increases the probability of coming into contact with suitable user profiles. This information is voluntary for the user and can be viewed in the profile under Details or entered, changed or deleted.
The data provided is collected, processed and used by us for the purpose of using Spotted. In addition, this data may also be processed and used for advertising purposes (see details on advertising under point 4).
This voluntary information is visible to other logged-in users within Spotted as "public", but can be deleted or modified by the user profile owner at any time under the settings within the user profile.
3.3 Location Data
The services offered by Spotted also include so-called location-based services, with which the user is presented with special offers that are tailored to the respective location. In this way, the User can in particular be shown other Users who are in his or her vicinity. In order to be able to offer these functions within the Spotted app, Spotted collects location data by means of GPS of the end device used as well as location data via nearby radio access nodes. If location collection is active, the location is regularly transmitted to dua AG upon permission and processed and used there.
The user can adjust this function in the settings of the operating system on his terminal device at any time, i.e. allow the collection of location data or revoke its use.
The location data can also be processed and used for advertising purposes (see details on advertising under point 4).
3.4 IP Addresses
The IP addresses of users are recorded for security and testing purposes. This is to prevent misuse of the service. The data is processed and used to prevent and combat fake profiles, illegal activities and spam, as well as to ensure the integrity and stability of the Spotted platform.
3.4 Payment Data
If the User makes in-app purchases via Spotted, buys "credits" or books our paid premium service, this is done via external payment providers. No payment data is collected and processed by dua AG when a purchase is made. The payment data is entered and processed directly by the payment providers. Technical data (including the transaction ID) is exchanged between dua AG and the payment providers to validate the purchases.
4. How is my data used by Spotted for advertising purposes?
Spotted-GmbH has opted for a freemium model for Spotted, i.e. a basic version of Spotted can be used by any user without paying a fee. However, advertising is displayed to the user in the free version. The advertising played on Spotted contains the user's own advertising content (e.g., about Spotted's premium products) or is commissioned by the advertiser in so-called campaigns. Campaigns can also be personalized and thus displayed specifically only to certain user groups (example: hair care advertising only for female or male users, etc.). In some cases, the advertising displayed on Spotted is done through the intermediation of external service providers.
Even if the use of data for advertising purposes is in the legitimate interest of dua AG, a corresponding consent is obtained in the product before the data is used for advertising purposes.
4.1. What data is used for advertising purposes and who receives data
dua AG may place advertisements from third parties on Spotted, which may also be tailored to the presumed special interests of the User (personalized advertising), if the User has given his or her consent to this on Spotted. The user can revoke this consent given on Spotted with effect for the future at any time under the profile settings under "Privacy/Tools".
When placing such personalized advertising, the respective third-party provider for whom advertising is to be placed on Spotted or by means of whose services advertising is placed by other third parties will receive the following data (hereinafter: the "Transmission Data"):
The transmission data is passed on to the following categories of recipients for the purposes listed:
When using Spotted, consent is obtained from the user in the product that he or she agrees to his or her data being used for the purpose of transferring it to third-party providers for the display of personalized advertising within the Spotted app or Spotted domain. The user can revoke this consent at any time in the profile settings under " Privacy/Tools " with effect for the future.
Furthermore, when using Spotted in the product, consent is obtained from the user that he/she agrees to his/her transmission data being used for the purpose of transmission to third-party providers for the display of personalized advertising on advertising spaces outside of Spotted.
The user can revoke this consent at any time in the profile settings under "Privacy/Tools" with effect for the future
4.2. What is the Advertiser ID and how is it used?
For tracking and advertising purposes, the Spotted app uses the so-called Advertiser ID, i.e. the so-called "Advertiser Identifier" (IDFA) of the offers of Apple Inc. and the "Android Advertiser ID" (Advertiser ID) of the offers of Google. Inc. (hereinafter each the: "Advertiser ID(s)"). These Advertiser IDs are unique but non-permanent identification numbers for a specific end device, provided respectively by iOS as the Apple Inc. offering and by Android as the Google Inc. offering. In contrast to the Vendor-Advertiser-ID (this is generated by new operating systems and is only identical for the apps of a vendor), the Advertiser-ID provided is also identical to the Advertiser-ID that is transferred to apps of other companies when they are used.
The advertiser ID is used with the corresponding consent of the user to display personalized advertising within online offers and to evaluate this advertising. If the user activates the option "no ad tracking" on an Apple end device under "Privacy" - "Advertising" in the iOS settings or on an end device with an Android system under "Google settings" (or also "Settings" and therein "Google"), then clicks on "Ads" and the button at "Disable interest-based ads", dua AG can only take the following measures: Measurement of interaction with banners by counting the number of times a banner is displayed without being clicked on ("frequency capping"), click-through rate, detection of unique usage ("unique user") as well as security measures, fraud prevention and error correction.
The advertiser ID is also used by dua AG for tracking purposes. For example, a user who registers on Spotted after clicking on an advertisement for Spotted on another domain or app is also identified by the advertiser ID. The advertiser receives a fee for this user tracked in this way after registration is completed.
The user can delete the IDFA or advertiser ID in the device settings at any time ("Reset Ad ID"), and a new IDFA or advertiser ID will then be created.
When using Spotted, consent is obtained from the user in the product that the user agrees to the Advertiser ID being used by dua AG for the purpose of displaying personalized advertising within the Spotted app or Spotted domain. The user can revoke this consent at any time by objecting to the display of personalized advertising in the profile settings under the item "Privacy/Tools".
More information and the privacy policy of Apple Inc. can be found here: https://www.apple.com/legal/privacy/
More information as well as the privacy policy of Google Inc. can be found here: https://www.google.com/intl/en/policies / privacy /
4.3. Use of Location Data
In addition to the collection of location data via GPS location (see Section 3.3) to fulfill the Location Based Service, Spotted also collects and uses location data in order to be able to suggest to the User, on the basis of the data thus obtained, advertising offers within Spotted that are suitable for him/her in terms of location and subject matter.
When using Spotted, consent is obtained from the user in the product that the user agrees to their location-based data being used for the purpose of transmitting it to third-party providers for the display of personalized advertising within the Spotted app or Spotted domain. The user can revoke this consent at any time in the profile settings under "Privacy/Tools" with effect for the future.
5. What cookies, tracking providers, analytics services does Spotted use? How are social media and like buttons integrated?
5.1 Cookies and Cookie Policy
In order to use the Spotted domain as comfortably as possible, we use cookies on the Spotted domain. Cookies are small text files that are stored locally in the cache of the Internet browser (so-called session cookies) or on the hard drive of the mobile device or computer used (so-called permanent cookies). The browser settings can be selected in such a way that cookies are rejected or that reference is made to them before they are set. By setting cookies, users are assigned pseudonymous IDs. Cookies do not execute programs on the user's terminal device or even transmit viruses. Session cookies are deleted from the cache at the end of the browser session.
dua AG also uses cookies to increase the security of the Spotted Domain. For example, to authenticate the user during a session, to prevent cross-site scripting or to prevent phishing and fraudulent activities such as scamming.
Furthermore, tracking providers/analysis services (see also the explanations under point 5.2 Use of tracking providers/analysis services) set cookies on the user's terminal device on behalf of dua AG in order to record usage data. This is data that can be collected while the user is browsing the pages of the Spotted domain or clicking on advertisements, for example. These cookies are used to display targeted advertisements, to optimize reports on advertising campaigns and to prevent identical advertisements from being displayed more than once.
Users can influence the use of cookies. Most browsers have a settings option that limits or completely prevents the storage of cookies. However, we would like to point out that the use and in particular the user comfort of Spotted may be limited without the use of cookies.
5.2 Tracking Providers, Analysis Services
In order to optimize Spotted services and offer them in the best possible way, Spotted performs analyses of visitor behavior. For this purpose, dua AG uses analysis procedures with which visits to the Spotted domain or Spotted app can be analyzed. Furthermore, third-party tracking tools are used to analyze the reach of various advertising campaigns and marketing activities. When using third-party tools, personal data may also be transmitted.
The purpose of the data processing is, in addition to troubleshooting, primarily the optimization of Spotted with regard to the needs of the users. dua AG also receives key figures about the number of visitors and their distribution over time, about popular content and the length of time users spend on the site via the web analysis procedure. If necessary, it can be determined whether a user profile was created as a result of an advertising measure. The data is processed and used to prevent and combat fake profiles, illegal activities and spam, as well as to ensure the security of the Spotted platform. To perform the analysis, user data is transmitted to various third-party providers.
The following analytics and tracking providers are currently used by Spotted:
Crashlytics (Fabric)
The Spotted app uses the analysis tool "Crashlytics" (Fabric) of the company Crashlytics, 1 Kendall Square, Cambridge, MA 02139, USA (hereinafter: "Crashlytics"). This analysis program uses IP addresses of the users for analysis purposes, which are, however, only used anonymously. It is not possible to draw conclusions about a specific person. Crashlytics provides dua AG with real-time evaluations of system crashes and thus facilitates the maintenance and improvement of the Spotted app. A user ID, clicks and technical device data are transmitted to analyze the error.
For more information on Crashlytics' privacy policy, please see their privacy policy: http://try.crashlytics.com/terms/
Google Analytics
Spotted uses "Google Analytics", a service provided by Google Inc, 1600 Amphitheatre Parkway,
Mountain View, CA 94043, USA (hereinafter: "Google"). dua AG points out that when using Spotted
Google Analytics has been extended by the IP masking function "_ gat._anonymizeIp"
to
ensure an anonymized collection of IP addresses
The following information on the use of Google Analytics should be noted:
Google Analytics uses cookies that are stored on the device and that enable an analysis of the use of Spotted. The information generated by the cookie about your use of Spotted is usually transmitted to and stored by Google on servers in the United States. However, by activating IP anonymization, Google's IP address will be truncated beforehand within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. On behalf of dua AG, Google will use this information for the purpose of evaluating your use of our service, compiling reports on our activities and providing other services relating to website activity to the operator.
The user has the option to object to this:
The collection and storage of data by Google Analytics can be objected to at any time with effect for the future. For this purpose, the User has the option of installing a browser plug-in issued by Google. This is available for various browser versions and can be downloaded at http://tools.google.com/dlpage/gaoptout?hl=en For more information about Google's use of data for advertising purposes, settings and opt-out options, please visit the Google websites: https://www.google.com/intl/en/policies/privacy/partners ("Data use by Google when you use our partners' websites or apps"), http://www.google.com/policies/technologies/ads ("Data use for advertising purposes"), http://www.google.com/settings/ads ("Manage the information Google uses to show you ads") and http://www.google.com/ads/preferences/ ("Determine what ads Google shows you").
Flurry Analytics
Spotted uses the web analytics service Flurry Analytics, a program of Flurry Inc, 360 3rd St Suite 750, San Francisco, CA 94107, USA. Flurry Analytics is a tool for anonymized analysis of usage behavior in apps. The information thus obtained enables the app to be better adapted to the demands and wishes of users. .
Flurry uses cookies. The information generated by the cookies about your use of the app is usually transmitted to a server of Flurry Inc. in the USA and stored there. The following technical data, among others, is collected via Flurry: Device type, operating system and version number, provider name, timestamp, app version, usage time and language setting, country code, error reports. Data related to the individual end device (MAC address, IMEI number, device identifier) is deleted directly after collection and replaced by Flurry with a specific code.
The information collected via Flurry is provided to Verlagsgruppe Random House in aggregated form, such as the number of app users in a given period. Personal data is not evaluated. Information on Flurry's compliance with data protection can be found on the Flurry website: https://privacy.oath.com (there in the section relating to "Flurry Analytics").
5.3 Social Media Links
The Spotted domain may contain links to dua AG's accounts on the social networks Instagram, YouTube, Pinterest, Twitter, Facebook and Google+. After clicking on the embedded graphic, the user is redirected to the page of the respective provider of Instagram, YouTube, Pinterest, Twitter, Facebook or Google+, i.e. only then is user information transmitted to the respective provider.
If the user is logged into his user profile in the corresponding social network, an association with the visit to Spotted takes place after activation of the button.
If the user does not want the social networks to collect data about the Spotted domain, he should log out of these accordingly before visiting the Spotted domain. However, when the corresponding button is activated by click, cookie(s) with an identifier are nevertheless set each time Spotted is called up. Therefore, data may be collected via this function and a profile may be created that can be traced back to an individual person under certain circumstances. If the user does not wish this to happen, he or she can deactivate the corresponding link within the Spotted domain by clicking on it. The user can also set his browser to generally exclude the acceptance of cookies; however, we would like to point out that in this case the functionality of Spotted may be limited.
Information on the handling of personal data when using these websites can be found in the respective privacy policies of the providers.
The Facebook Privacy Policy (operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA) can be found at https://www.facebook.com/about/privacy/.
Twitter's Privacy Policy (operated by Twitter Inc., 795 Flom St., Suite 600, San Francisco, CA 94107, USA) can be found at https://twitter.com/privacy.
Instagram Privacy Policy (powered by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA) can be found at https://www.instagram.com or https://help.instagram.com/155833707900388.
Google+ / YouTube
Google / YouTube Privacy Policy (each operated by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA) can be found at https://www.google.com/intl/en/policies/privacy/.
Pinterest's Privacy Policy (operated by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA) can be found at https://about.pinterest.com/en/privacy-policy.
5.4 Integration of like/share buttons, social plugins
Furthermore, social plugins of the social networks Facebook (operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA) are initially inactively integrated on the Spotted domain.
By clicking on "Like us on Facebook, the respective social plugin is activated by Facebook and only then is any user information transmitted to the Facebook provider. With a further click, the user can then like or follow the dua AG account and will be informed by the service about activities of the dua AG account on Facebook. dua AG has no influence on the collection, processing and use of data of the respective networks..
If the user does not wish the social networks to collect data about the Spotted domain, he or she should log out of these accordingly before visiting the Spotted domain. However, when the corresponding button is activated by click, cookie(s) with an identifier are nevertheless set each time Spotted is called up. Therefore, data may be collected via this function and a profile may be created that can be traced back to an individual person under certain circumstances. If the user does not wish this to happen, he or she can deactivate the corresponding link within the Spotted domain by clicking on it. The user can also set their browser to generally exclude the acceptance of cookies; however, we would like to point out that in this case the functionality of Spotted may be limited.
The Spotted Domain uses the social plugin for the social network at facebook.com from Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA. Facebook's privacy policy can be found at https://www.facebook.com/about/privacy/.
5.5 Facebook Connect
dua AG offers the User the opportunity to register for Spotted with Facebook Connect. To register, the User is redirected to the Facebook site (operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA), where he or she logs in with his or her user data, unless he or she is already logged in. By means of a click by the user, the respective Facebook profile and the user profile at Spotted are then linked with each other. Through the link, dua AG automatically receives the User's data from Facebook in the form of the e-mail address and other data within the User's public Facebook profile. The public Facebook profile contains data that the User has made available to the public on Facebook. Typically, the public Facebook profile includes the following data: Name, profile picture, gender, language, country, age range, Facebook ID, friends, likes and relationship status.
Of this data transmitted by Facebook, dua AG uses the email address, Facebook ID, profile picture, Likes, locations and birthday. This information is used for the user profile. Further information on Facebook Connect and privacy settings can be found in Facebook's privacy policy and terms of use at https://www.facebook.com/policy.php.
5.6 Use of Social Media: Videos
Use of Youtube videos This website uses the Youtube embedding function to display and play videos from the provider "Youtube", which belongs to Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Here, the extended data protection mode is used, which, according to the provider, only triggers the storage of user information when the video(s) is/are played. If the playback of embedded Youtube videos is started, the provider "Youtube" uses cookies to collect information about user behavior. According to information from "Youtube", these are used, among other things, to collect video statistics, to improve user-friendliness and to prevent abusive behavior. If you are logged in to Google, your data is directly assigned to your account when you click on a video. If you do not want the assignment with your profile at YouTube, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. Such an evaluation is carried out in particular in accordance with Art. 6 para. 1 lit.f DSGVO on the basis of Google's legitimate interests in the insertion of personalized advertising, market research and/or needs-based design of its website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right. Independently of a playback of the embedded videos, a connection to the Google network "DoubleClick" is established each time this website is called up, which may trigger further data processing operations without our influence. Google LLC, based in the USA, is certified for the us-European data protection agreement "Privacy Shield", which ensures compliance with the level of data protection applicable in the EU. Further information on data protection at "YouTube" can be found in the provider's privacy policy at: https://www.google.com/intl/en/policies/privacy
6. How data is disclosed or passed on
dua AG does not pass on personal data of users to third parties, unless the user has given his or her consent, the transfer is required by law or permitted by law.
6.1 General information on the transfer of personal data
User data and other data
Spotted may disclose customer data to the following third parties for the purpose of executing the contract:
Spotted may share or disclose Customer Data as follows:
6.2 Categories of Data Recipients and Data Transfer
Spotted currently uses external data processors for the following services:
Depending on the nature of the services provided, Spotted may also engage affiliates as data processors for the provision of some or all of the services provided to Customer.
Personal Data may be processed by us and/or service providers in the following countries:
We protect users' personal data in accordance with contractual obligations and applicable data protection laws when data is transferred abroad.
These protections may include:
7. How are data processed and used for anti-spam purposes?
To combat spam (foreign advertising), illegal acts (fraud, extortion, prostitution, etc.), personal data are used as follows:
8. What is the process for deleting data and creating backups?
With the deletion of the user profile (Attention: Not by deletion of the Spotted app!) or corresponding notification to us, all collected data of the user will be deleted. This does not apply to data that must be retained due to legal regulations or for contract processing. In addition, the user can at any time delete individual data in the profile itself or request us to do so via a corresponding notification. A deletion from the productive databases and thus from the user interface of Spotted will take place immediately; however, it may take up to 14 days until a deletion from all server layers, cache memories and backup databases of Spotted takes place.
dua AG reserves the right to check profile files prior to deletion and, if necessary, to back them up if, based on certain facts, there is a suspicion that the user profiles are being used by Spotted in violation of the law or the contract. This serves the protection of the users of the offers of dua AG.
Independently of the deletion of data initiated by the user through profile deletion, Spotted automatically deletes historical data that is no longer required for the fulfillment of the contract (e.g. historical location data as well as IP data) at regular intervals.
dua AG creates so-called backups to secure the data files, which are overwritten after 14 days and thus finally deleted. If these backups contain log files, these are also deleted. In the event of the complete deletion of a user profile, the log files will also be deleted.
9. What data security measures are in place at Spotted?
dua AG takes user trust and data protection extremely seriously. To prevent unauthorized access to or disclosure of user data, to maintain data integrity, and to ensure the appropriate use of data, dua AG uses appropriate physical, technical, and managerial procedures to safeguard and secure the information dua AG collects.
For the best possible protection of the user's data, the Spotted domain or Spotted app is offered via a secured SSL connection, i.e. the data is transmitted in encrypted form both between the servers and the browser and between the servers and the app.
10. Rights of the user: consent and revocation, information, correction, deletion, transfer
10.1 Consent and Revocation
In the course of registering with Spotted, the user consents to the collection, storage and processing of his/her personal data in accordance with this Privacy Policy and the GTC. The user must expressly declare this consent when creating the user profile. This consent, as well as the entire process of creating the user profile, will be recorded by dua AG.
The user can revoke their consent at any time with effect for the future. This can be done by deleting the user profile (not the Spotted-App), at the indicated places in the Spotted-App or Spotted-Domain within the user profile or by e-mail, telephone or letter to us: MAIL: dua AG, Leutschenbachstrasse 95, 8050 Zurich, Switzerland, E-MAIL: datenschutz@spotted.de
10.2 Information, correction, deletion, transfer, objection
In accordance with the applicable laws, the user has a right to free information about the personal data stored about him and, if applicable, a right to correction and/or deletion or transfer of this data. Insofar as we process personal data on the basis of legitimate interests, users have the right to object to the processing at any time on grounds relating to the user's particular situation. If it is a matter of objecting to data processing for direct marketing purposes, users have a general right of objection, which is also implemented without providing reasons. For this purpose, the user may contact datenschutz@spotted.de by email, for example.
10.3 Right to complain to a supervisory authority
Users have the right to contact a data protection supervisory authority if they believe that the processing of their personal data violates data protection law. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch/edoeb/en/home.html). Users from the EU/EEA can assert this right, for example, with a supervisory authority in the member state of their residence, workplace or location of the alleged violation.
11. Modification of the privacy policy
dua AG will update this privacy statement if necessary. The use of user data is subject to the current version, which can be found at http://www.spotted.com/data_protection. In the event of a change to this statement regarding an insignificant area (for example, a change in permissions, new features, a new contact person, etc.), the User will be notified by email to the email address associated with the user's profile. If the user continues to access and use Spotted after these changes take effect, the user agrees to be legally bound by the revised Privacy Policy.
12. Contact person for data protection
In case of questions regarding the collection, processing or use of personal data, in case of information, correction, blocking or deletion of data as well as revocation of given consents, the user should - as far as applicable - delete or change his user profile (not of the Spotted app) at the indicated places in the Spotted app or Spotted domain within the user profile or contact us by email or letter:
dua AG
Leutschenbachstrasse 95
8050 Zürich
Switzerland
E-MAIL: datenschutz@spotted.de