Privacy Policy

We are open with you regarding the personal data we collect from you. In this privacy notice, we therefore describe how we process your personal data when you visit our website www.teststar.com ("Platform") or use the services offered on our Platform ("Module" or "Modules"). In addition to our general information Chapter I. can be found in Chapter II. data protection information in connection with the registration of a member account and in Chapter III. Information on data processing in connection with our Earn Money module.

This privacy policy is for your information. Further information about cookies on our platform can be found in our Cookie Policy.

I. General information

1. Person responsible

We, Teststar GmbH, Rödingsmarkt 39, 20459 Hamburg, are responsible for data processing in connection with the platform and the use of our modules (Art. 4 No. 7 GDPR).

You can reach our data protection officer at:

DataCo GmbH, represented by Kivanc Semen (CEO)
Sand Str. 33, 80335 Munich, Germany
Email: datenschutz@dataguard.de
Phone: +49 89 452459 900

2. Information that we automatically receive from you when you visit our platform

When you visit our platform, the following information is automatically collected and processed from you:

IP address
browser type and version
Device
operating system
date and time of access
country
Language

The processing of the above information is based on our legitimate interests in providing you with our platform and ensuring the stability and security of our platform, Art. 6. (1) (f) UK GDPR. In addition, we process the information for analysis and product development purposes (e.g. to identify possible technical errors in the platform or to determine when the platform and our modules are being used particularly heavily) based on our legitimate interests (Art. 6 (1) (f) UK GDPR) in troubleshooting and optimizing our platform and modules. This processing also applicable to users located in Australia, in line with the relevant provisions under the Australian Privacy Principles (APP 6) and the Australian Privacy Act 1988, which allow the processing of personal data for purposes related to the organisation's functions or activities. You have the option of objecting to the above processing on the basis of our legitimate interests at any time by sending us a short message to one of the communication channels in Chapter I.1 send.

3. Identity Verification and Legal Basis

Request and Purpose: To the extent permitted by applicable law and where alternative methods have been carefully considered, ID verification may be requested to the extent necessary for our field of operation. The implementation of ID verification shall be limited to circumstances where it is deemed necessary to ensure compliance with applicable policies and regulations. The prerequisite for this is the existence of a lawful basis and compliance with all legally prescribed protective measures.

In accordance with Art. 5(1)(a), Art. 12, and Art. 13 UK GDPR, as well as the corresponding provisions under the UK General Data Protection Regulation, the UK Data Protection Act, and Australian Privacy Principles (APPs), including APP 1 and APP 5, this requirement includes:

Requirement to provide a copy of the driver's license and only if one is not available, a copy of the ID card or passport/proof of age card with a PASS logo of the user (CitizenCard or young Scot Card).
Explanation of why the identity check is requested and the consequences if the request is not met.
Clear instructions on how to provide the copy to us.
A summary of how the copy of the identity document will be processed.
Copy of the relevant privacy policy / link to the relevant privacy policy

How we collect:

For users in the UK:

Teststar GmbH has a legitimate interest in verifying whether users adhere to their contractual obligations under the relevant Terms and Conditions and in storing the results of such verification for the duration of the relevant account’s existence. This documentation serves to establish, exercise, and/or defend teststar’s rights and claims, with no equally effective and less intrusive alternative to storing the verification results being apparent. The users’ rights and freedoms do not override teststar’s legitimate interest, as (i) the documentation does not include any sensitive personal data, (ii) storage is limited to the standard statutory limitation period under applicable laws, (iii) users are transparently informed about the processing, and (iv) copies of ID documents are not retained.

In accordance with the provisions and paragraphs specified in Articles 6 and 7 of the UK General Data Protection Regulation (UK GDPR), which are listed in brackets next to the corresponding documents, the following documents may be requested from the user within the scope of the purpose described above:

A copy of the user's driver's license (Art. 6 (1) (b), Art. 6(1)(f) UK GDPR) or
If the user does not have a driving license, a copy of the identity card (Art. 6 (1)(a), Art. 7 UK GDPR) or
Passport of the user/Proof of Age Card with a PASS logo of the user (CitizenCard or young Scot Card)(Art. 6 (1)(a), Art. 7 UK GDPR,),

Users are only required to provide a copy of the front of the document containing the information required for verification, but not the back. If other passports or passport replacement documents (e.g. passports of other EU citizens) are presented, the back or pages other than the front may be relevant. In this case, only the surname, first name, date of birth and expiry date should be visible in the relevant part of the document and all irrelevant data should be blacked out by the user. Parts/copies without this data should not be provided as copies.

Since the identity check is carried out solely for the purpose of verifying compliance with contractual obligations under the relevant General Terms and Conditions, users must ensure in accordance with Art. 5 (1)(c) UK GDPR that only the surname, first name, date of birth and validity date of the corresponding document (if available) are visible in the submitted document, while all other information is blacked out. If the uploaded document contains health data, it is mandatory that the corresponding health data is completely blacked out.

According to Art. 5 (1)(e) UK GDPR, personal data may only be stored for as long as is necessary for the purpose for which it is processed. After the ID document submitted by the user has been checked and the result of the verification (“Verification Result”) has been generated, the user will then be informed of the result of the ID verification (and any consequences). After the verification process has been completed, the copy of the ID document will be securely deleted immediately and the user will be confirmed that the copy of the ID document has been deleted.

The Verification Result can be kept as long as the relevant user account exists and for three years after deletion of the user account (beginning at the end of the calendar year in which the user account was deleted) in light of the respective standard limitation period under the UK Limitation Act 1980.

In case the Verification Results are relevant for legal disputes, they can be kept until the dispute has been finally settled.

For users in Australia:

Teststar GmbH has a legitimate interest in verifying whether users adhere to their contractual obligations under the relevant Terms and Conditions and in storing the results of such verification for the duration of the relevant account’s existence. This is necessary for fulfilling contractual obligations, in line with APP 3.2, which requires personal information to be collected only if reasonably necessary for the entity’s functions. The information will be used solely for the verification purpose as per APP 6, and not for other purposes unless reasonably expected by the user. The users’ rights do not override teststar’s interest, as (i) no sensitive personal data is included, (ii) storage is limited to the statutory limitation period, (iii) users are transparently informed (APP 1 and APP 5), and (iv) copies of ID documents are not retained.

In accordance with APP 3 and APP 6 of the Australian Privacy Principles (APPs), the following documents may be requested from the user within the scope of the purpose described above:

A copy of the user's driver's license or
If the user does not have a driving license, a copy of the user's passport,

Users are only required to provide a copy of the front of the document containing the information required for verification, but not the back. If other passports or passport replacement documents are presented, the back or pages other than the front may be relevant. In this case, only the surname, first name, date of birth and expiry date should be visible in the relevant part of the document and all irrelevant data should be blacked out by the user. Parts/copies without this data should not be provided as copies.

Since the identity check is carried out solely for the purpose of verifying compliance with contractual obligations under the relevant General Terms and Conditions, users must ensure in accordance with APP 3.2 and APP 9 that only the surname, first name, date of birth and validity date of the corresponding document (if available) are visible in the submitted document, while all other information is blacked out. If the uploaded document contains health data, it is mandatory that the corresponding health data is completely blacked out.

Important Notice: The ID document is only deemed to have been copied if it was copied by the cardholder himself/herself and in such a way that the copy is clearly and permanently recognizable as such. If the copy has not been properly redacted by the user, only the relevant information (surname, first name, date of birth, expiry date of the relevant document (if any) will be taken into account during verification.

Personal data may only be stored for as long as is necessary for the purpose for which it is processed. After the ID document submitted by the user has been checked and the result of the verification (“Verification Result”) has been generated, the user will then be informed of the result of the ID verification (and any consequences). After the verification process has been completed, the copy of the ID document will be securely deleted immediately and the user will be confirmed that the copy of the ID document has been deleted.

The Verification Result can be kept for up to six years after deletion of the user account as this is the standard limitation period for contractual claims under Australian law.

In case the Verification Results are relevant for legal disputes, they can be kept until the dispute has been finally settled.

4. Contact and Feedback

In addition to the I.1 You can also send messages and feedback via our contact form to us. In this case, we save the topic you have chosen, the information you have entered (email address, customer number (optional), postcode (optional), subject, content of the message), as well as the date and time of contact. Your data will be processed for the purpose of processing your request on the basis of your consent, which you express by clicking the "Send" button or by sending your email to us, Art. 6(1)(a) UK GDPR. This applies to users located in Australia as well, in line with the Australian Privacy Principles (APP 3) and the Australian Privacy Act 1988, which require consent for the collection and processing of personal data.

5. Facebook Fanpage and Page Insights

We use https://www.facebook.com/recommended/ a Facebook fan page to provide visitors and interested parties with information about our company, our platform, app and our modules. Facebook provides us with Page Insights for this fan page. Page Insights are aggregated data that allow us to gain insight into how users interact with our fan page. The Page Insights may be based on personal data collected in connection with a visit or interaction by people on or with our fan page and its content. Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”) and we act as joint controllers for the processing of Insights data and have concluded an agreement with Facebook Ireland for this purpose. You can find this at https://www.facebook.com/legal/terms/page_controller_addendum The legal basis for the processing of page insights is our legitimate interest in responding more specifically to the interests of visitors to our fan page based on the interaction on our fan page (Art. 6(1)(f) UK GDPR). This also applies to users in Australia, in line with the Australian Privacy Principles (APP 6) and the Australian Privacy Act 1988, which allow for the processing of personal data for purposes related to the organisation's functions or activities. You have the option of objecting to the above processing on the basis of our legitimate interests at any time by sending us a short message to one of the communication channels in Chapter I.1 send.

7. Your rights

In Chapter II.3 as well as Chapter III.3 you will receive information on how you can withdraw your consent at any time. In addition, if the legal requirements are met, you are entitled to the following rights as a data subject, which you can exercise via one of the Chapter I.1 You can assert your rights against us using the communication channels mentioned above:

For users in the UK:

right to information, Art. 15 UK GDPR
Right to rectification, Art. 16, 19 UK GDPR
Right to erasure, Art. 17, 19 UK GDPR
Right to restriction of processing, Art. 18, 19 UK GDPR
Right to data portability, Art. 20 UK GDPR
Right of objection, Art. 21 UK GDPR

You have the right not to be subjected to a decision based solely on automated processing (Article 22 UK GDPR). In connection with our platform and our modules, your personal data will not be subjected to a decision based solely on automated processing that has legal consequences or otherwise affects you (including profiling within the meaning of Article 22 UK GDPR).

For users in Australia:

You have the right to be informed about the collection and use of your personal data (APP 1.4, APP 5).
You may request the correction of inaccurate or incomplete personal data (APP 13).
Your personal data will be deleted if it is no longer required for legal or business purposes (APP 11.2).
Your personal data will not be used for direct marketing if you opt out (APP 7).

In connection with our platform and modules, your personal data will not be subjected to a decision based solely on automated processing that has legal consequences or significantly affects you, in compliance with Australian privacy law.

If you believe that the processing of your personal data is unlawful, you can complain to the responsible supervisory authority at any time. The responsible supervisory authority for data processing by us is:

The Hamburg Commissioner for Data Protection and Freedom of Information
Klosterwall 6
20095 Hamburg
www.datenschutz-hamburg.de

8. Storage of your data

We will not store your personal data for longer than is necessary for the purpose for which it was collected, unless we are permitted or required to continue to store it by law or contractual provisions.

9. Any questions?

If you still have questions at this point or if you have any questions about data protection with us, you can contact us at any time (see Chapter I.1).

II. Creation of a member account

To activate and use our modules, you must first create a member account.

As a registered member, you have the option of activating the modules we offer on our platform. At the same time, you can use the access data of your member account to verify the use of other applications provided by us and the modules available there (e.g. our app).

Further information on activating and deactivating individual modules as well as your member account can be found in our Terms and Conditions.

1. Registration

a) With your email address

First, you have the option of registering with us by entering your contact details. To do this, you will be asked to enter your email address and a password in the registration form.

b) with your Facebook account

Alternatively, you have the option of registering for our member account on the platform using your existing Facebook account. For this purpose, we have integrated the social login button "Facebook connect", a service of Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA ("Facebook") on our platform. You can recognize the Facebook social login button by the Facebook logo button and the inscription "Continue with Facebook" or "Continue with [Your first name]".

If you voluntarily decide to register with us for a member account using your Facebook account, we will receive access to your public profile on Facebook. Depending on the privacy settings you have made on Facebook, this includes your user ID, name, profile picture, age and gender. You can delete or change the profile picture imported from Facebook in the settings of your member account.

If you decide to register with your Facebook account, we would like to point out that we may receive additional information about your profile from Facebook if you have marked additional information as "public" in your Facebook privacy settings (e.g. friends list). The data transmitted by Facebook is processed by us to set up and manage your member account. Conversely, when you voluntarily register with your Facebook account, information is transmitted from us to Facebook (e.g. the fact that you use our platform).

For further information about Facebook Connect and privacy settings, please refer to the Facebook privacy policy (https://de-de.facebook.com/about/privacy/) and Terms of Use (https://www.facebook.com/legal/terms).

c) with your Google user account ("Google Sign In")

You also have the option of registering for a member account on our platform using "Google Sign-In". Google+ Sign-In is a social login service provided by Google Ireland Limited, Google Building House, 4 Barrow St. Dublin, D04 e5w5, Ireland ("Google"). You can recognize the Google social login button by the Google logo button and the inscription "Continue with Google".

If you voluntarily decide to use your Google account to register, you will first be redirected to the Google website and must log in there with your user data. This will link your Google account to our platform and we will have access to your first and last name, email address and profile picture. You can delete or change the profile picture imported from Google in the settings of your member account.

If you are logged in using your Google account, it is possible that Google will receive data about your user activities on our platform (e.g. accessing our platform). We process this information to set up and manage your member account.

For more information about Google Sign-In and privacy settings, see the Google Privacy Policy (https://policies.google.com/privacy?hl=de) and Terms of Use (https://policies.google.com/terms?hl=de).

2. Providing additional voluntary information in your member account

In addition to the information you provide in your member account, you can also voluntarily provide us with further information (e.g. mobile phone number, social networks used) and add a profile picture to your member account. If you register for a member account via our app and activate a module on our platform using the access data for your member account, we will link your member account to the device you use (e.g. mobile phone, tablet).

3. Legal basis for data processing

We use the information you provide to us in the above ways in connection with your registration to create and manage your member account and thus to fulfill our contractual obligations in accordance with Art. 6 (1) (b) UK GDPR. This also applies to users in Australia, in line with the Australian Privacy Act 1988 and APP 3, which allow for the collection and use of personal information when it is reasonably necessary for the organisation’s functions or activities, including fulfilling contractual obligations.

If you decide to register via social login (see Chapter II.1), the aforementioned data transfers between us and the respective provider of the social login you have selected are based on your consent in accordance with Art. 6 (1) (a) UK GDPR, which you express by voluntarily selecting this registration option. This also applies to users in Australia, in line with the Australian Privacy Act 1988 and APP 3, which require that personal information be collected and shared only with the individual’s consent when not strictly necessary for the organisation’s functions or activities. Please note that consent once given can be revoked at any time with effect for the future - in full or in part; the legality of the processing carried out on the basis of the consent until the revocation remains unaffected. You can revoke your consent at any time using one of the methods provided in Chapter I.1 mentioned communication channels.

4. Recipients of your personal data

To ensure that the registration, setup and administration of your member account works both technically and operationally, we have integrated social login services (see Social Login Providers in Chapter II.1) external service providers are also involved in the data processing, who support us in the technical provision and administration of the member account (e.g. operation and maintenance of our platform; provision of member support services).

Taking into account our data protection obligations, we have concluded appropriate agreements with these recipients to protect your personal data.

Furthermore, the personal data concerning you will be passed on to public bodies and other recipients who are permitted to receive this information due to legal regulations (e.g. tax authorities, tax consultants, law enforcement authorities, legal counsel).

If your personal data is processed by us or the aforementioned recipients outside the European Union or the European Economic Area (so-called third countries), we have taken appropriate measures to ensure that in the event of the transmission and processing of your personal data, an appropriate level of data protection is guaranteed by the recipient of your personal data in a third country, for example due to a recognized level of data protection on the recipient side (e.g. EU-US Privacy Shield certification) or by concluding so-called standard contractual clauses of the EU Commission. Please contact us via one of the communication channels mentioned above (Chapter I.1) if you would like further information or a copy of the measures taken.

III. Earn money – module-specific information on data protection

If you decide as a registered member to activate the Earn Money module on our platform, you will find the following information on data protection

The processing of your personal data in connection with earning money
legal basis for data processing
recipients of your personal data

1. The processing of your personal data in connection with earning money

a) Participation in orders

You have the option to activate the Earn Money module on our platform. The Earn Money module is an online evaluation and survey portal on which we provide surveys, tests or evaluations of third-party products and services ("our clients"), e.g. online surveys, product tests, app tests and website tests ("orders").

Further information on participation and remuneration conditions can be found in our General Terms and Conditions.

If you decide to participate in an order, the content you submit in this context (e.g. information, reviews, images, videos, screenshots) will be used by us on the basis of the contract concluded between us in order to

To transmit your information (without stating your name, email address or other information about your member account) to our respective client for the purpose of analyzing and evaluating the order;
to check the proper fulfillment of the order and also to provide evidence of this to our respective client;
Link your information and ratings to your member account in order to be able to offer you suitable orders in the future based on the information you provided in orders.

b) Notifications about suitable orders

Based on the contract concluded between us, one of our key services is to inform you as a member about suitable orders based on your activities in connection with our module. The notifications are sent via the communication channels you selected in the settings (email and SMS), or by using the notification app "recommended" (iOS) and "teststar.com" (Android). We therefore also use the contact details you provide in your member account to send you appropriate information and short notifications about new orders.

We have also integrated technology from the provider OneSignal Inc., 2194 Esperanca Avenue, Santa Clara, CA 95054 ("One Signal") on our platform to alert you to suitable orders while you are using the module using web push notifications. OneSignal receives certain information from you for the technical provision and processing of the platform push service (e.g. your IP address, your email address, type and version of your operating system, your language settings, time zone and network settings (e.g. WiFi)). You can find more information about this in One Signal's privacy policy: https://onesignal.com/privacy_policy.

You can object to receiving platform push notifications at any time by sending us a short message to support@teststar.com send.

c) Withdrawal of credit balances

If you would like to withdraw your balance in accordance with our Terms and Conditions, we ask you to enter your account information (e.g. IBAN) and any other information required for tax reasons in your member account.

Furthermore, payments to our members are processed exclusively by a payment service provider specified on the platform.

d) 3D Liveness Check and Fraud Prevention

If you wish to withdraw a balance, we may ask you to carry out a so-called 3D Liveness Check on our platform in order to determine the "realness" of your person (i.e. to determine that you are a human and not a robot or other spam software) and to prevent fraud.

Subject to your express consent, which we will ask you for separately in each respective case, a 3D facial image of your person will be taken using the 3D facial recognition software from FaceTec, Inc. in order to recognize features and anchor points of a human face (so-called facial geometry such as the position of the eyes).

After your biometric facial recognition has been successfully completed, neither your personally identifiable facial geometry nor the 3D facial image will be saved. Only the result of the authentication and the time and date will be saved [in your member account].

Subject to your explicit consent as mentioned above, your 3D facial image will also be converted into a so-called "3D FaceVector" for the purpose of ongoing fraud prevention on the platform. The 3D FaceVector is an n-dimensional vector of your facial features without the addition and/or further use of your facial image. The 3D FaceVector is neither linked to your member account nor in any other way to your person on our platform and therefore cannot be assigned to you personally.

We can use the data points in the 3D FaceVector as a comparison criterion for future ID Liveness Checks on our platform in order to identify unlawful multiple registrations and unauthorized withdrawal requests (see Terms and Conditions Part 1: § 1 (1); Part 2: § 3 (3); § 5 (4)). If a person maintains another member account contrary to our Terms and Conditions and also wants to make a withdrawal with this member account and authenticate themselves using an ID Liveness Check, the 3D FaceVector created in this context will be compared with existing 3D FaceVectors in order to identify duplicates.

The entire process of biometric facial recognition using the facial recognition software of FaceTec, Inc. takes place on our servers in Germany and neither FaceTec, Inc. nor other recipients and/or third parties have access to the data processed for the purpose of biometric facial recognition or are involved in this data processing.

Further information on the 3D Liveness Check from FaceTec, Inc. can be found here: www.facetec.com

Please note that consent once given can be revoked at any time with effect for the future – in whole or in part; the legality of the processing carried out on the basis of the consent until the revocation remains unaffected. You can revoke your consent at any time via one of the Chapter I.1 mentioned communication channels.

e) Improvement of our module and security

We would also like to point out that we use the content you submit as part of orders for analysis, statistics and product development purposes. With the support of these pseudonymous evaluations, we can not only guarantee the ongoing security of your data on our platform, but also have the opportunity to continuously optimize our module for earning money on our platform according to your use and interests.

2. Legal basis for data processing

The processing of your personal data in connection with participation in orders, notification of suitable orders via e-mail, SMS and platform push notifications as well as the payment of credit is carried out on the basis of our contract and thus to fulfill our contractual obligations, Art. 6(1)(b) UK GDPR. This also applies to users in Australia, in line with the Australian Privacy Act 1988 and APP 3, which allow for the collection and processing of personal information when it is reasonably necessary for the organisation’s functions or activities, including fulfilling contractual obligations.

The further processing of pseudonymous data records for analysis, statistics and product development purposes is based on our legitimate interest in understanding how our module Earn Money is used and in optimising our business model in accordance with the use and interests of our members, Art. 6(1)(f) UK GDPR. This also applies to users in Australia, in line with the Australian Privacy Act 1988 and APP 6, which allow the use of personal information when it is necessary for the organisation’s legitimate functions or activities and where individuals would reasonably expect such processing. You have the option of objecting to the processing of your transmitted pseudonymous content at any time by sending us a short message to one of the communication channels in Chapter I.1 send.

If we require your separate consent in individual cases for the processing of your personal data, we will ask you to grant this consent separately from this data protection notice. Please note that consent once granted can be revoked at any time with effect for the future - in whole or in part; the legality of the processing carried out on the basis of the consent until the revocation remains unaffected. You can revoke your consent at any time via one of the Chapter I.1 mentioned communication channels.

If we ask you to carry out a liveness check for the purpose of member authentication and fraud prevention as part of the first payout of your balance, the associated processing of biometric data will be carried out on the basis of your explicit consent in accordance with Art. 9(2)(a) UK GDPR. This also applies to users in Australia, in line with the Australian Privacy Act 1988 and APP 3, which require explicit consent for the collection and processing of sensitive information, including biometric data.

3. Recipients of your personal data

In addition to the requirements of our Cookie Policy In the case of integrated content and services from third-party providers, we pass on your personal data to selected service providers who support us in the technical provision of the module and the processing of orders, namely the processing of payments to our members, the administration of our customer database, the provision of member support services and the sending of SMS/email and platform push notifications about new orders. Taking into account our data protection obligations, we have concluded corresponding agreements with these recipients that serve to protect your personal data.

This marketing cookie is stored for a period of one (1) year.

For further information, please see Facebook’s privacy policy: http://www.facebook.com/policy.php.

Google Ads Conversion

Our platform also uses so-called "conversion tracking" from Google Ads (formerly Google Adwords) to draw attention to our offers and services using advertising materials (so-called Google Ads) on external websites. If you click on an ad from the Google advertising network, a cookie is stored on your device. The analysis values stored for this cookie are usually the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be contacted). This cookie expires after 30 days and does not contain any personal data. If you visit certain websites within these 30 days, Google recognizes that you have clicked on an ad and that you have then been redirected to our platform. Each Google Ads customer is assigned a different cookie. Cookies cannot therefore be tracked via the websites of Google Ads customers. We ourselves do not collect or process any personal data in the advertising measures mentioned. We only receive statistical evaluations from Google. Based on these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of advertising materials, and in particular we cannot identify users based on this information. The information collected using the cookie is used to create statistical evaluations for Google Ads customers. Google Ads customers can use this to find out the total number of users who were redirected to their website via advertisements. Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our level of knowledge: By integrating Google Ads Conversion, Google receives the information that you have accessed the corresponding part of our website or clicked on one of our advertisements. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will find out and save your IP address. In addition to our cookie settings, you can prevent participation in this tracking process by deactivating the cookie for Google Ads Conversion Tracking at https://www.google.de/settings/ads deactivate.

Further information on data protection at Google can be found here: http://www.google.com/intl/de/policies/privacy Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

In order to better understand user behavior on our platform and to make our services more tailored to your interests, we use components of the social network "Pinterest" (Pinterest Inc., 808 Brannan St., San Francisco, CA 94103, USA) on our platform.

With the help of the Pinterest pixel, we can track the effectiveness of our advertisements for statistical and market research purposes by seeing whether users were redirected to our platform after clicking on one of our advertisements in the Pinterest social network (so-called “conversion”).

This marketing cookie is stored for a period of one (1) year.

Further information on data protection at Pinterest can be found here: https://policy.pinterest.com/de/privacy-policy

Reddit Conversion Tracking

We use the “Reddit Conversion Pixel” of Reddit Inc., 520 Third Street, Suite 305, San Francisco, CA 94107, United States (“Reddit”) on our platform.

If you access our platform via a Reddit advertisement, Reddit places a so-called conversion cookie on your computer.

The information obtained through Reddit conversion cookies is used to create conversion statistics for us. This tells us the total number of users who responded to our ad and were then redirected to our platform, which was provided with a Reddit pixel. This cookie does not serve to identify you personally, but helps us with the statistical analysis and optimization of the use of our platform.

This marketing cookie is stored for a period of one (1) year.

Further information on privacy at Reddit can be found here: https://www.reddit.com/help/privacypolicy/

Snap Pixel and Website Custom Audience

For the purpose of analyzing and optimizing our platform and services, we use the so-called "Snap Pixel" of the social network Snapchat, which is operated by Snap Inc., Market Street, Venice, CA 90291, USA ("Snapchat").

With the help of the Snap pixel, Snapchat is able to determine the visitors to our platform as a target group for the display of advertisements (so-called "Snapchat ads"). Accordingly, we use the Snapchat pixel to only display the Snapchat ads we place to those Snapchat users who have also shown an interest in our platform or who have certain characteristics (e.g. interests in certain topics or products determined based on the websites visited) that we transmit to Snapchat (so-called "custom audiences").

With the help of the Snap Pixel, we also want to ensure that our Snapchat ads correspond to the potential interests of users and do not appear annoying. With the help of the Snap Pixel, we can also track the effectiveness of Snapchat ads for statistical and market research purposes by seeing whether users were redirected to our platform after clicking on a Snapchat ad (so-called "conversion").

This marketing cookie is stored for a period of one (1) year.

Snapchat processes the data in accordance with Snapchat's data usage policy. Accordingly, general information on the display of Snapchat ads can be found in Snapchat's data usage policy: https://www.snap.com/en-US/privacy/privacy-center/.

Taboola

In order to improve the user-friendliness of our platform, we use the so-called "Taboola pixel" on our platform, which is operated by Taboola, Inc., 1115 Broadway, 7th Floor, New York, NY 10010, USA ("Taboola").

Using the Taboola pixel, Taboola collects user information about visitors to our platform (device-related data and log data) and uses this to create pseudonymous user profiles that enable us to provide visitors with individual recommendations for content and ads based on surfing behavior and visitor interests. The user profiles are created using pseudonyms; according to Taboola, they are not merged with the data about the bearer of the pseudonym.

This marketing cookie is stored for a period of one (1) year.

In addition to our cookie settings, you can object to the collection by the Taboola pixel and the use of your data for the above purposes at any time. To do so, Taboola provides a direct objection option, which you can access under the following link in the section "Users' options for choice and objection ("Opt Out")" under the following link: https://www.taboola.com/privacy-policy#user-choices-and-optout

For more information about Taboola, visit https://www.taboola.com/privacy-policy.

TikTok Pixel

We use the “TikTok Pixel” of TikTok Inc., 10100 Venice Blvd., Culver City, CA 90232, USA TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (“TikTok”) on our platform.

If you access our platform via a TikTok ad, the TikTok pixel is placed on the device you are using and marked with a randomly generated user ID. a so-called conversion cookie on your computer.

The TikTok pixel enables us to collect information about your interactions with our advertisements and use it for analysis and statistical purposes. For example, we learn the total number of users who responded to our advertisement on the TikTok platform and were then redirected to our platform, which was provided with a TikTok pixel. The integration of the TikTok pixel and the associated data processing does not serve to identify you personally, but helps us with the statistical analysis and optimization of the use of our platform.

If you have agreed to the integration of analysis cookies such as those of the provider TikTok, the TikTok pixel will be used. This analysis marketing cookie will be stored for a period of one (1) year.

You can find further information on data protection at TikTok here: https://www.tiktok.com/legal/privacy-policy?lang=de

Twitter Pixel and Website Custom Audiences

For the purpose of analyzing and optimizing our platform and services, we use the so-called "Twitter Pixel" of the social network Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA ("Twitter").

We use Twitter's services to better understand user behavior on our platform and to make our services more tailored to your interests. Accordingly, we use the Twitter pixel to only show our advertising on the Twitter social network to those users who have also shown an interest in our platform or who have certain characteristics (e.g. interests in certain topics or products determined based on the websites visited) that we transmit to Twitter (so-called "custom audiences").

With the help of the Twitter pixel, we can also track the effectiveness of our advertisements for statistical and market research purposes by seeing whether users were redirected to our platform after clicking on an advertisement (so-called “conversion”).

This marketing cookie is stored for a period of one (1) year.

Further information on data protection at Twitter can be found here: https://twitter.com/de/privacy.

YouTube

We have embedded YouTube videos on our platform that are stored on www.youtube.com and can be played directly from our platform. YouTube is a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. ("Google")

When you visit a subpage of our platform that includes YouTube videos, Google uses cookies to collect information about the fact that you have accessed the corresponding subpage of our platform. In addition, other metadata (e.g. device information, IP address) is transmitted directly to Google and processed. The processing of this data is subject to Google's own data protection regulations.

You can find Google's data protection declaration here: https://www.google.com/policies/privacy/.

For further information please visit https://support.google.com/youtube/answer/2801895?hl=en.

The marketing cookies are stored for a period of one (1) year.

VIII. Use of third-party services and content

We use or integrate the following third-party content and services on our platform based on our legitimate interests, namely the provision and design of interest-based content on our platform and the interest in the analysis and optimization of our services Art. 6(1)(f) UK GDPR. This also applies to users in Australia, in line with the Australian Privacy Act 1988 and APP 6, which allow the use of personal information where it is necessary for the organisation’s legitimate functions or activities and where individuals would reasonably expect such use:

If you reject this tracking process, you can deactivate the storage of cookies via your Internet browser. If necessary, use the help function of your browser for further information.

X. Who we share your information with

In addition to the Section VIII. cases described (disclosure or transmission to third-party service and content providers) pass on your personal data to selected service providers who support us with certain tasks, such as the operation and maintenance of our platform, the processing of payments to our members, the administration of our customer database and the sending of evaluation surveys and in this context process your personal data on our behalf and in accordance with the statutory data protection requirements (so-called data processors).

If your personal data is processed by us or the aforementioned third parties outside the European Union or the European Economic Area (so-called third countries), we have taken appropriate measures to ensure that an appropriate level of data protection is guaranteed by the recipient of your personal data in a third country if your personal data is transmitted and processed, for example by concluding so-called standard contractual clauses of the EU Commission. Please contact us at one of the addresses above if you would like further information or a copy of the measures taken.

XI. How long we store your personal data

We will not store your personal data for longer than is necessary for the purpose for which it was collected, unless we are permitted or required to continue to store it by law.

XII. Your rights regarding your personal data

We have already informed you in our data protection notice how you can revoke or object to certain data processing operations. In addition, you as the data subject can exercise the following rights if the legal requirements are met:

For users in the UK:

Right to information, Art. 15 UK GDPR
Right to rectification, Art. 16 UK GDPR
Right to erasure, Art. 17 UK GDPR
Right to restriction of processing, Art. 18 UK GDPR
Right to data portability, Art. 20 UK GDPR
Right to object, Art. 21 UK GDPR

For users in Australia:

You have the right to be informed about the collection and use of your personal data (APP 1.4, APP 5).
You may request the correction of inaccurate or incomplete personal data (APP 13).
Your personal data will be deleted if it is no longer required for legal or business purposes (APP 11.2).
Your personal data will not be used for direct marketing if you opt out (APP 7).

To exercise your rights, please contact us using one of the communication channels listed in Section I.

The Hamburg Commissioner for Data Protection and Freedom of Information
Klosterwall 6
20095 Hamburg
www.datenschutz-hamburg.de