Data Protection

We, Lismio GmbH, Pfuelstraße 5, 10997 Berlin, Germany (hereinafter "we") are operators of the app "Lismio", (hereinafter "the app"), the websites https://lismio.app/, https://lismio.link/, https://backstage.lismio.com/, and https://portal.lism.io/ (hereinafter jointly "the websites") and the following social media channels: Facebook: https://www.facebook.com/lismioen; Instagram: https://www.instagram.com/lismio_audiobooks/; X: https://x.com/lismio_audio; YouTube: https://www.youtube.com/@lismiodiscoveraudiobooks6375; TikTok: https://www.tiktok.com/@lismio_en; including the language-specific profiles in German, Spanish and Dutch (hereinafter jointly "the social media channels") ("The app", "the websites" and "social media channels" are hereinafter jointly referred to as "the offering".)

We take the protection of your personal data very seriously. Accordingly, in the collection, processing and use of personal data, we adhere strictly to the provisions of data protection law applicable in the Federal Republic of Germany, in particular the General Data Protection Regulation (GDPR), the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and the provisions of the Teleservices Act (Telemediengesetz, TMG) and Telecommunications-Telemedia Data Protection Act (Telekommunikation-Telemedien-Datenschutz-Gesetzes, TTDSG).

1. Controller of personal data

The controller within the meaning of Article 4(7) GDPR responsible for the collection, processing and use of your personal data is:

Lismio GmbH
Pfuelstraße 5
10997 Berlin
Germany
Telephone: +49 (0)30 488 2888 80
Email: support@lismio.com

Directors:
Tina Jürgens, Kaspar Kunisch

Companies register: Amtsgericht Charlottenburg HRB 247420 B
VAT ID: DE 234321649

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (Article 4(1) GDPR).

2. What data is collected during use of our offering?

a) Contact details

We offer users of our offering the opportunity of making contact with us by email. You alone decide whether you wish to convey information to us when so making contact, and if so which information. In that regard, we expressly warn that the electronic transfer of information can involve security loopholes. It is technically impossible to provide end-to-end protection of data against access by unauthorised third parties. We collect the following personal data, if you choose to provide it:

  • Forename and surname;
  • Company;
  • Email address;
  • Postal address;
  • Telephone number;
  • The issue you are communicating.

We delete the data collected in this context as soon as its storage is no longer necessary or, where applicable, on expiry of legal storage periods (for business correspondence, 6 years); in the latter case, we restrict data processing once it is no longer required. The legal basis for the processing and storage of personal data provided by you in the context of making contact with us is point (b) of the first sentence of Article 6(1) GDPR ("necessary for the performance of a contract").

b) Websites

When accessing our websites, the browser used on your terminal device will automatically send information to our website's server provided by our web host (see below, 2. g.). That information is stored temporarily in a log file. This involves the collection of the following data without your cooperation, and its storage until automatic deletion after 12 months:

  • IP address of the requesting computer (stored anonymised after collection);
  • Date and time of the server request;
  • Website from which access was gained (referrer URL);
  • Browser, operating system of your computer and name of your access provider.

The abovementioned information is evaluated only statistically and used to improve the functionality of our websites and the attractiveness of our offering. The legal basis for this is point (f) of the first sentence of Article 6(1) GDPR ("legitimate interests"). Our legitimate interest arises from reasons of guaranteeing a smooth connection, provision of optimum comfort and efficiency in use of our websites and system security. Under no circumstances do we use the data obtained for the purpose of making inferences about you as a person.

Furthermore, the following data is obtained and processed during use of our websites, for purely statistical evaluation:

  • IP address of the requesting computer (stored anonymised after collection and hashed);
  • Latitude and longitude of the place of access;
  • Terminal device used (model, type) as well as platform version, type and name.

Complete anonymisation is achieved by creating a "hash", generated from the anonymised IP address; latitude and longitude of the place of access; device model and type; and platform version, type and name, such that it is impossible to trace the data back to your name. The hash and the other data listed above will be stored anonymised on an analytics server - separately from all personal data given by a data subject - until its automatic deletion after 12 months. The legal basis for the processing of the listed data is point (f) of the first sentence of Article 6(1) GDPR ("legitimate interests"). Our legitimate interest arises from the purposes of statistical evaluation in order to improve the functionality and attractiveness of our websites.

c) Downloading the app

When the mobile app is downloaded, the necessary information, in particular username, email address and customer number attached to your account, time of download and individual device ID, is transferred to the app store. We have no influence on this data collection, and are not responsible for it. The controller in this case is the app store operator concerned. We only process the data insofar as that is necessary for the download of the mobile app on your mobile terminal device. By downloading the app, you agree that we may conduct automatic updates, provided that this involves the collection and processing of no data other than that listed in this data protection notice. Automatic updates are required for the proper fulfilment of the contract. The legal basis for data processing is point (b) of the first sentence of Article 6(1) GDPR. If updates involve the collection and processing of new data, we will specifically request your consent for this. The legal basis then is point (a) of the first sentence of Article 6(1) GDPR.

d) Collection of access data during use of app

When the app is used with a user account, the following access data is obtained and processed:

  • Session start and duration;
  • Session number;
  • User loyalty;
  • IP address of requesting device (stored anonymised after collection and hashed);
  • Geolocation data (country, region/city, country code, latitude and longitude, time zone) for the place from which the app was accessed;
  • Terminal device used (series, model, type), resolution (screen size), app version, operating system (e.g. iOS or Android);
  • Platform version, type and name;
  • Browser information (browser type and version used);
  • Website from which an accessing system reached our app;
  • Language set on the terminal device;
  • User movements/retrievals within the app.

Complete anonymisation is achieved by creating a "hash", generated from the anonymised IP address; latitude and longitude of the place of access; device model and type; and platform version, type and name, such that it is impossible to trace the data back to your name. The hash and the other data listed above will be stored anonymised on an analytics server - separately from all personal data given by a data subject - until its automatic deletion after 12 months. The legal basis for the processing of your information during use of the app is point (f) of the first sentence of Article 6(1) GDPR ("legitimate interests"). Our legitimate interest arises from our purposes of guaranteeing a smooth connection, provision of optimum comfort in use of the app and its optimisation, statistical evaluation for the improvement of the app, and evaluation of system security and system stability.

e) Collection of personal data during use of app

Furthermore, the following personal data will be collected and processed during use of the app by means of your user account:

  • Email address and password (encrypted);
  • User ID/username;
  • Details of contracts with streaming providers supported by the app, namely:
    • Company details of provider and
    • Language choice for audio books;
  • App settings vis-à-vis your service settings and your choices of region/country and language;
  • Your choice regarding the display of explicit content.

We also process user-generated content, contributions and other content that you create in the app, such as:

  • Reviews and comments;
  • Favourite titles you highlight in the app and playlists you create;
  • Your choice of avatar;
  • Authors and series that you follow in the app.

We use that information and data provided by you in providing the app, linking content from streaming providers and fulfilling the associated contract. Moreover, your audio book reviews and comments provide useful assistance to other app users, just as their reviews may help you as you select titles.

Book reviews or comments on audio books (hereinafter referred to collectively as "texts") are published by us after they are submitted to us. In that respect, you transfer to us in regard to these texts the right of publication as well as a non-exclusive, non-chargeable, permanent and irrevocable right to make the text (in whole or in part) publicly available online or offline through the app and our social media channels, to reproduce it and, as the case may be, translate it into other languages.

The legal basis for processing of personal data provided at registration and your submitted user-generated content is point (b) of the first sentence of Article 6(1) GDPR ("necessary for the performance of a contract"). In particular, the processing of user-generated content is necessary in order to provide you with a personalised user experience in the app as stipulated in the contract.

The legal basis for the processing and use of your comments and book reviews is furthermore point (f) of the first sentence of Article 6(1) GDPR ("legitimate interests"). Our interest in making information on audio books and audio plays available to app users is regarded as legitimate in the spirit of the abovementioned provision.

f) Use of the app as guest without user account

You have the option of using the app even without a user account. In that case, we will create a temporary guest account with your device ID in order to provide you with limited use of the app through the guest account (only searching for content within the app, then listening to content externally). The legal basis for the temporary storage of the device ID is firstly your consent (point (a) of the first sentence of Article 6(1) GDPR) and secondly our legitimate interest in data processing (point (f) of the first sentence of Article 6(1) GDPR). As soon as you log out of the app, your guest account and the device ID stored for it are automatically deleted.

g) Hosting

We make use of hosting services provided by the web hosting company all-inkl.com - Neue Medien Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany (hereinafter "All-Inkl."). These are: infrastructure and platform services, computing capacity, storage space and database services, email forwarding, security services and technical maintenance services, all of which we use for the purpose of operating our offering.

The data collected and processed by us in accordance with this data protection notice is stored on the servers of All-Inkl. in Germany, and deleted by us as soon as its storage is no longer necessary or, where applicable, on expiry of legal storage periods; in the latter case, we restrict data processing once it is no longer required. Use of the hosting services takes place on the basis of our legitimate interest in the efficient and secure provision of our offering in accordance with point (f) of the first sentence of Article 6(1) GDPR and on the basis of a data processing agreement concluded between ourselves and All-Inkl. (first sentence of Article 28(3) GDPR).

h) Cookies

We use "cookies" on our websites. Cookies are small text files that are stored on your terminal device, and by means of which information comes to us or a service provider appointed by us. Cookies are stored on your terminal device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted after the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or your web browser performs an automatic deletion. Cookies have various functions. Many cookies are technically necessary, as certain website elements would not function without them. By placing functional cookies, we make it easier for you to navigate our websites. They mean that you do not need to enter the same information repeatedly on visiting our websites. We can place such cookies without your consent. Other cookies serve to evaluate user behaviour or display advertisements (analytics cookies). We must ask for your consent before any placement of such cookies. If third-party companies place cookies, you will be specifically informed of this in the context of this data protection notice, and if so you will be asked for your consent. We place cookies for purposes of needs-based design, website security, commercial evaluation and website optimisation. The legal basis for this is point (f) of the first sentence of Article 6(1) GDPR ("legitimate interests"). Where we have asked for your consent to use and store cookies, use and storage of such cookies takes place solely on the basis of such consent (point (a) of the first sentence of Article 6(1) GDPR), and such consent may be withdrawn at any time.

i) Social media and platforms

We maintain an online presence on social networks and platforms in order to communicate with you and inform you there of our services. Our website https://lismio.app provides links to our social media channels, each shown as a link with the logo of the service provider concerned. Clicking on the logo takes you directly to the respective social media channel.

Terms and conditions and data processing guidelines of the provider concerned apply. We have no influence on data processing by those service providers.

If you take advantage of the opportunity to mark posts by us in our social media channels (e.g. using the Like button) and/or commenting on them, those actions will be publicly visible, including your name and any profile image. You can remove your markings and posts at any time if the provider concerned permits this. If you send us messages through social media channels, the information you voluntarily share with us will be collected and processed by us along with your name and profile image.

Processing of your personal data takes place on the basis of our legitimate interest in comprehensive information and communication with you in accordance with point (f) of the first sentence of Article 6(1) GDPR. Where the platform operators concerned ask you for your consent for data processing, the legal basis for such processing is point (a) of the first sentence of Article 6(1) GDPR.

In order to search for, compile, review and comment on the audio books and audio plays you find via our websites and app, you will require premium access to the platforms such as Spotify, Napster, Deezer, Apple Music or BookBeat. You will find links to those platforms on our websites and the app, each shown as a link with the logo of the service provider concerned. Clicking on the logo takes you directly to the respective platform. We do not collect, process or pass on any personal data to any third party when you do this. Terms and conditions and data processing guidelines of the provider concerned apply. We have no influence on data processing by those service providers.

Our websites https://lismio.app/ and https://lismio.link/ and the app also offer you the option of sharing with others individual audio book recommendations via the third-party providers X, Facebook, Reddit, LinkedIn, WhatsApp and Telegram and by email. Clicking on the logo of the service provider concerned takes you directly to the platform or service of the respective provider. In order to share our content via the third-party provider, you may need to set up a user profile with that provider.

Terms and conditions and data processing guidelines of the provider concerned apply. We have no influence on data processing by those service providers.

We do not collect, process or pass on any personal data to any third party when you do make use of the share function.

The use of links to external platforms is offered firstly in fulfilment of contractual obligations (point (b) of the first sentence of Article 6(1) GDPR), secondly on the basis of our legitimate interest in improving our offering in accordance with point (f) of the first sentence of Article 6(1) GDPR. If the platform operators concerned ask you for your consent for data processing, the legal basis for such processing is point (a) of the first sentence of Article 6(1) GDPR. The provider details and data protection provisions (including right of objection) of the providers of social media services and platforms that we use can be found here:

Amazon Music (Amazon.com Services LLC, C/O Amazon.com, Attn: Legal Department, P.O. Box 81226, Seattle, WA 98108-1226, U.S.A.; for the European Union and United Kingdom: Amazon Digital UK Ltd, Attn: Legal Department, 1 Principal Place, Worship Street, London, EC2A 2FA, UK): https://www.amazon.de/gp/help/customer/display.html?nodeId=201380010;

Apple (Apple Inc., Infinite Loop, Cupertino, CA 95014, USA): https://www.apple.com/legal/privacy/de-ww/

Audible (Audible GmbH, Schumannstr. 6, 10117 Berlin, Germany): https://www.amazon.com/gp/help/customer/display.html/?nodeId=468496

BookBeat (BookBeat GmbH, Friedrichstraße 9, 80801 Munich, Germany): https://assets.ctfassets.net/4s7izhcdroyy/1kCfzYjlIza62bjFJQ3ZDC/56f0c50ab05550ccd516d69a624f8b9d/privacyPolicyDE_20210611.pdf;

Deezer (Deezer SA, 24 rue de Calais, 75009 Paris, France): https://www.deezer.com/legal/personal-datas;

Discord (Discord Inc., 444 De Haro Street #200, San Francisco, CA 94107, USA; for the European Union and United Kingdom: Discord Netherlands BV, Schiphol Boulevard 195, (1118 BG) Schiphol, Netherlands): https://discord.com/privacy;

Everand (Scribd, Inc. 460 Bryant Street, Suite 300, San Francisco, CA 94107-2594): https://support.scribd.com/hc/en-us/articles/210129366-Global-Privacy-Policy?_gl=1%2A72z851%2A_gcl_au%2AMTI4MTM3OTkxOS4xNzQzNTc5NjI4

Facebook (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland): https://facebook.com/privacy/policy;

Google Play Books (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland): https://policies.google.com/privacy

Höbu (DigitalStores GmbH, Kurt-Küchler-Str. 38, 22609 Hamburg, Germany): https://www.hoebu.de/privacy

Instagram (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland): https://instagram.com/about/legal/privacy/;

Kobo (Kobo Software Ireland Limited, 1 - 2 Haddington Road, Dublin 4, D04 XN32, Ireland): https://authorize.kobo.com/terms/privacypolicy

LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland): https://www.linkedin.com/legal/privacy-policy;

Napster (Napster Luxembourg S.a.r.l., 60, Route de Luxembourg, 5408 Bous, Luxembourg): https://www.napster.com/de/privacy/;

Nextory (Nextory AB, Norrtullsgatan 6, SE-113 29 Stockholm, Sweden): https://nextory.com/privacy-policy

Overdrive (OverDrive, Inc., One OverDrive Way, Cleveland, OH 44125, USA): https://www.overdrive.com/policies/terms-and-conditions

Reddit (Reddit Ireland Limited, Fitzwilliam Hall, Fitzwilliam Place, Dublin 2, D02 T292, Ireland): https://www.reddit.com/policies/privacy-policy;

Spotify (Spotify AB, Regeringsgatan 19, SE-111 53 Stockholm, Schweden): https://www.spotify.com/de/legal/privacy-policy/;

Storytel (Storytel AB (publ), Att. Support, Box 24167, 104 51 Stockholm, Sweden): https://www.storytelgroup.com/en/about-the-website/privacy-statement/

Telegram (Telegram Messenger LLP, 71-75 Shelton Street, Covent Garden, London, United Kingdom): https://telegram.org/privacy;

Thalia (Thalia Bücher GmbH, An den Speichern 8, 48157 Münster, Germany): https://www.thalia.de/hilfe/rechtliches/datenschutz

TikTok (TikTok Technology Limited, 10 Earlsfort Terrace, Dublin 2, Ireland): https://www.tiktok.com/legal/privacy-policy;

WhatsApp (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland): https://facebook.com/privacy/policy;

X (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland): https://x.com/de/privacy

YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland): https://policies.google.com/privacy;

YouTube Music (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland): https://www.youtube.com/t/terms

j) Analytics tools

i. Google Analytics for Firebase SDK

We use Google Analytics for Firebase SDK ("Firebase SDK"), an analytics tool provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, which for the European Economic Area and Switzerland is provided by Google Ireland Limited (hereinafter "Google"), Gordon House, 4 Barrow Street, Dublin 4, Ireland, in order to ensure needs-based design and ongoing app optimisation and to subject our app to statistical analysis and evaluation with the aim of optimising it for you. Firebase SDK obtains the following data:

  • Number of users and sessions and session durations;
  • Operating system and device model;
  • Region;
  • First-time starts;
  • App executions, app updates and in-app purchases.

Some log data and user properties are also automatically collected. Detailed information is available here:

https://support.google.com/firebase/answer/6318039?hl=en;

https://support.google.com/firebase/answer/9234069?visit_id=637953034774122734-3380257376&rd=1;

https://support.google.com/firebase/answer/9268042?visit_id=637953034774122734-3380257376&rd=1.

For the transfer of data out of the European Union into third countries (e.g. the USA), Google had hitherto invoked the EU-US data protection agreement "Privacy Shield". A judgment of the Court of Justice of the European Union of 16 July 2020, C-311/18, having now declared that legally void, Google uses the European Commission's standard contract clauses to guarantee a level of protection consistent with European data protection provisions (Article 46(2) GDPR).

Firebase SDK is used to optimise our app and improve our overall offering. The legal bases for this are point (f) of the first sentence of Article 6(1) GDPR ("legitimate interests") and point (a) of the first sentence of Article 6(1) GDPR ("your consent"). You must accept our data protection notice before you can use the app. We request your consent for app tracking by offering you the choice between "allow" and "reject" buttons. You can find more information on Firebase SDK at: https://firebase.google.com/ https://www.firebase.com/terms/privacy-policy.html

ii. Fathom Analytics

We also use Fathom Analytics ("Fathom"), an analytics service provided by Conva Ventures Inc. based in British Columbia, Canada, on our websites and in the app. In contrast to conventional analytics tools, Fathom does not use cookies and does not track individual users across different websites. Fathom collects anonymous usage data, including:

  • Visit numbers and page views
  • Referral sources (e.g. which website you came to us from)
  • Browser and operating system used
  • General location (based on anonymised IP address)

Fathom is used on the basis of Art. 6 para. 1 lit. f GDPR. The data collected via Fathom helps us to understand and improve the use of our websites and app without collecting personal information or identifying individual users.

The Fathom privacy policy can be found here: https://usefathom.com/privacy

iii. Matomo

On our websites and in our app, we also use the web analysis tool Matomo ("Matomo"), a service provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, to evaluate the usage behaviour of our visitors in a data protection-friendly manner and to continuously improve our websites and app. Matomo helps us to analyse visitor behaviour on our websites and in our app in order to optimise content and functions. Information such as pages visited, length of stay and interactions are recorded anonymously. Your data is processed on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. Our interest lies in improving user-friendliness and optimising our websites and app. Matomo collects anonymous usage data, including

  • Your IP address (anonymised)
  • Pages visited and time spent
  • Browser and operating system used
  • Country of origin and language settings
  • Clicks and interactions with our website

Your IP address is anonymised before it is saved so that no conclusions can be drawn about your person. All data collected remains completely on our servers and is not passed on to third parties. You can find more information about Matomo's privacy settings at the following link (https://matomo.org/faq/general/configure-privacy-settings-in-matomo/).

iv. Databox

We also use the analytics service Databox from Databox, Inc., 285 Fulton Street, 85th Floor, New York, NY 10007, USA ("Databox") on our websites and in the app to visualise and evaluate user behaviour on our websites and in the app. The following personal data may be processed when using Databox:

  • IP address (anonymised)
  • Usage and interaction data
  • Device and browser information
  • Company and business data (if integrated via interfaces)

The aforementioned data is processed for the following purposes:

  • Analysis and visualisation of usage and business metrics
  • Improvement of website and app performance
  • Identification and optimisation of user experience

Databox is used on the basis of Art. 6 para. 1 lit. f GDPR. The data collected via Databox helps us to understand and improve the use of our websites and app without collecting personal information or identifying individual users. For more information, please see the Databox privacy policy here: https://databox.com/privacy-policy

k) Recording your acknowledgment of our data protection notice

When you open our app or visit our websites, we verify whether you have acknowledged the latest version of the data protection notice on your terminal device. If you have not, we will display to you our current data protection notice with the request to acknowledge it. When you click "Read", we record your acknowledgment and store the following data:

  • IP address of request;
  • Lismio User ID (if present);
  • Language of request;
  • Date and time of request;
  • Version of data protection notice.

The legal basis for recording your personal data at the time of your acknowledgment of our data protection notice is point (c) of the first sentence of Article 6(1) GDPR. Under Article 24(1) GDPR, we are legally obliged to inform you about data collection, processing and storage. As evidence of this, we record your acknowledgment of our data protection notice. Evidence requires the recording of a non-anonymised IP address, otherwise the acknowledgment could not be linked to a specific user.

3. What happens to information you share with us?

The information you voluntarily share via our offering is only used to process your request. If no contractual relationship between you and us is established, the information you provide is deleted immediately your request is concluded. If a contractual relationship is established, your personal data will be stored for the duration of the contractual relationship and thereafter for the duration of statutory storage periods, warranty and guarantee rights and/or obligations to provide evidence, and then deleted. If the purpose of storage ceases to be applicable or if a statutory storage period expires, the personal data will be automatically blocked or deleted in accordance with the legal regulations. You may also delete data about yourself that we have stored by activating the relevant button and deleting the app from your terminal device. This completely deletes all data that is not subject to a statutory storage period. The legal basis for our processing of your data is point (a) of the first sentence of Article 6(1) GDPR ("your consent"), and, where your request relates to the establishment of a contractual relationship, point (b) of the first sentence of Article 6(1) GDPR ("necessary for the performance of a contract") and point (f) of the first sentence of Article 6(1) GDPR ("legitimate interests"). Except where otherwise stated in this data protection notice, on principle we do not pass your data to third parties, and in particular not for advertising or marketing purposes. We only pass your data to third parties if you have consented to this or if an enabling circumstance as defined by law is present. Such a circumstance would be present, for instance, if authorities or law enforcement agencies acting legitimately demand that we surrender data to them. The legal basis for this is point (c) of the first sentence of Article 6(1) GDPR.

4. Instagram competitions

Purpose of data processing:The personal data collected in the context of an Instagram competition organised by us (e.g. Instagram user name, first name, surname, address data of winners, if applicable) will be processed exclusively for the implementation and handling of the competition, in particular for the determination and notification of the winners and for the dispatch of the prizes.

Legal basis for data processing:The processing of personal data is carried out in accordance with Art. 6 para. 1 lit. b GDPR to fulfil our contractual obligations arising from participation in the competition.

Recipient of the data:Your personal data will not be passed on to third parties unless this is necessary to carry out the competition (e.g. shipping service providers).

Storage period:The personal data of the participants will be deleted after the competition has been completed and the prizes have been delivered, unless statutory retention obligations require longer storage.

5. Affiliate links

Our websites and the app contain so-called affiliate links. In affiliate partner programmes, advertisements from one company (advertiser) are placed on the websites of other companies in the affiliate partner network (publisher). If you click on one of these affiliate adverts, you will be redirected to the advertised offer. If you subsequently make a specific transaction (e.g. purchase), the publisher receives a commission for this. We therefore receive a commission if you take advantage of offers from one of our partners via an affiliate link placed on our websites or in the app. This does not result in any additional costs for you. If you click on an affiliate link, the respective provider may use so-called tracking technology (e.g. cookies or fingerprinting) to understand that you have reached them via our websites or the app. The following personal data may be processed in the process:

  • Your IP address
  • Information about the end device you are using (e.g. browser, operating system)
  • Referrer URL (the previously visited page)
  • Time at which you clicked on the affiliate link
  • Any other information about your purchasing behaviour

We participate in affiliate programmes of the following providers:

Adtraction Deutschland GmbH, Oderberger Straße 13, 10435 Berlin

You can find more information on data collection as part of the Adtraction affiliate programme here: https://adtraction.com/privacy-policy/

AWIN AG, Otto-Ostrowski-Straße 1A, 10249 Berlin

You can find more information on data collection as part of the AWIN affiliate programme here: https://www.awin.com/de/datenschutzerklarung

Partnerize, Performance Horizon Group Limited, Registered in England & Wales 07188234, 6th Floor, West One, Forth Banks, Newcastle Upon Tyne, NE1 3PA, United Kingdom

You can find more information on data collection as part of the Partnerize affiliate programme here: https://partnerize.com/legal/privacy-statement

The processing of personal data in the context of affiliate links is based on Art. 6 para. 1 lit. f GDPR (legitimate interest), as we have an economic interest in the monetisation of our services and websites. If consent is required for the use of tracking technologies (e.g. through cookies), the processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR (consent). You can deactivate the storage of cookies and other tracking technologies at any time in your browser settings or delete cookies that have already been stored. Alternatively, many affiliate networks offer opt-out options. Further information on this can be found in the privacy policies of the respective providers.

6. You have the following rights:

Should the relevant legal conditions be present, you as a user of our offering have at all times the following rights:

  • Right of access to information in accordance with Article 15 GDPR;
  • Right to rectification of incorrect data or to completion thereof in accordance with Article 16 GDPR;
  • Right to erasure in accordance with Article 17 GDPR;
  • Right to restriction of processing in accordance with Article 18 GDPR;
  • Right to data portability in accordance with Article 20 GDPR;
  • Right to object in accordance with Article 21 GDPR;
  • Right to withdraw in accordance with Article 7(3) GDPR.

If you wish to assert these rights, you may at any time apply to the controller responsible (see above, 1.). In order to process a request, we are obliged to verify the identity of the requesting party. This measure is intended to protect your data from unauthorised access by third parties. You also have a right to lodge a complaint with a supervisory authority, in accordance with Article 77 GDPR. The competent authority in our case is the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit: https://www.datenschutz-berlin.de/.

7. Data protection for minors

If a person under the age of 16 submits personal data via our offering, we will delete such data and not process it further immediately we are notified that the individual is a minor.

Status: April 2025