Table of content
We have always taken the protection of your personal data very seriously and - as before - will continue to take appropriate organisational, contractual and technical measures to protect your data from unauthorised or unlawful processing and against accidental loss, destruction or damage.
Responsible for data processing is Ideawise Limited, Room 604, Alliance Building, 133 Connaught Road, Central Hong Kong, Hong Kong. Its representative is SmH ServiceCenter.de GmbH, P.O. Box: 20 04 34, 13514 Berlin. Email: firstname.lastname@example.org.
Ideawise Limited is also meant when the terms "we" or "us" are used below. You can contact our data protection officer at: email@example.com. Please note that we are a company based outside the European Economic Area ("EEA"). As far as you use our Service and data is processed, these data are transferred to a so-called "third country". Details can be found in section 7 below.
If we provide the Service for your use, we process personal data from various sources. This is data that we collect automatically - for example when you visit a website - as well as other data that you have additionally provided to us.
a. Types of Data That We Automatically Collect
When you visit our website, you submit technical information to our servers. This happens regardless of whether you subsequently register with an account with us to use the Service or not. In any case, this data is recorded every time you visit our website:
Each time a page is accessed, access data is stored in a file, the so-called server log. The following data is stored:
The time, the status of your website visit (status means in this case whether the visit of the website was successful or not) as well as the request that your browser has made to the server to open the page, the amount of data transferred and the website from which you came to the requested page (referrer), and the product and version information of the browser used (user agent).
If you create a profile on our Service, we will assign a so-called unique user ID to it. Besides your chosen profile name, the unchangeable Unique User ID allows us to uniquely assign your profile.
b. Types of Data You Transmit to Us
In addition to the data we receive from all website visitors, we also process other data from registered users.
The exact amount of this data depends on how you use the Service.
Personal information that you publicly upload to your profile or other areas of the Service will be visible to other users (and searchable via the search function within the Service). If you choose additional settings for the publication of your data, this information will also be accessible to users who are not logged in. The privacy settings can be determined by you in your profile settings.
The data you provide us includes:
i. User account / profile data:
To use the Service, you can create a user account (a "Profile"). When you create a Profile, you must provide some mandatory information to complete the registration.
● Email address
● City and Postcode
● Date of Birth
● What gender is searched for
● What you are looking for (one-night stand, affair...)
If you have uploaded an image, other users have the option of sending the image directly from our Service to Google Image Search using the "Classify Images" function. This way, other users can help us to better recognize fake profiles and unauthorized uploaded images.
ii. Optional Profile Information:
The use of the Service is possible only with the aforementioned information. However, you may also provide additional personal information in your Profile, such as physical characteristics, personal interests or detailed information about your sexual preferences, political opinion or ideological beliefs. If you want to, you can upload your personal photos and videos to your Profile or a secret gallery. The scope of this optional data can be determined by you via the respective input fields in your Profile settings.
iii. Location Data:
When you register with our Service, we use your IP once to determine your approximate location data. You can agree to this localisation when registering or change it if necessary.
iv. Communication Data: Users
If you communicate with other users of our Service, we save your conversation history so that the conversation history with your chat partners can be permanently displayed.
v. Communication Data: Customer Service
When you contact our Customer Service, written communications between you and the service staff and notes on each transaction are stored so that you can always have a smooth customer service experience when the transaction is resumed by other service staff.
vi. Data for Age Verification and Fake Detection:
To perform the age verification (18+ check), we need a video from you. You must be in the video. In addition, your date of birth must be clearly visible on an official identity card. This way, we can verify that you are in fact of age.
Alternatively you can do the age verification via Schufa (Germany only).
If you are suspected to be a fake, you must have your profile verified. To do this, you need to upload an image that shows your face. You must also visibly hold a note in your hand stating your user name and the current date.
vii. Social Sign-On:
You can also use the "Login with Facebook" function to create your profile. If you choose this function, you send us your username on the social network at www.facebook.com ("Facebook"), your email address with which you registered on Facebook, as well as your gender, first name and your profile picture.
We process your data exclusively for the following defined purposes:
- to allow you and other users to use the Service and to ensure its functionality
- to provide you with additional services that you have purchased
- to keep you up to date with relevant information about our Service and to send you system notifications to the email address you have provided.
- to adapt the provision of the Service to your needs
- to display advertising tailored to your interests (including participation in prize competitions and sweepstakes)
- to continuously improve the service offer and to correct errors
- to detect and prevent fraud attempts
- to ensure the protection of minors
- to enable the exchange with customer service in case of questions
- to check information published on your profile or shared by you through the Service
- to disclose your personal data to third parties if we are legally obliged to do so
- to assert legal claims and to defend against legal disputes
- to ensure IT security and operation of our systems
In doing so, we rely on various legal bases in accordance with the so-called General Data Protection Regulation, a European Union legal framework for the standardisation of data protection law (“GDPR” for short). We refer in detail to the following legal bases:
Fulfilment of contractual obligations
At the same time, the processing of personal data takes place also for the provision of the Service and in the context of the performance of our contract with you. In many cases, the processing is not only justified by your consent, but also because it is necessary to fulfil our contract with you: In order to fulfil your claim to the services described in more detail in our General Terms and Conditions, it may be necessary, for example, to process your personal data. For example, if you wish to pay for your VIP or Premium membership the processing of your payment information is required for this.
Safeguarding legitimate interests
Legal requirements or public interest
In addition, we are legally obliged to provide certain information to criminal prosecution or tax authorities in individual cases upon request.
We treat your personal data with care and confidentiality and will only pass them on to third parties to the extent described below and not beyond.
a. To Other Users:
As our Services is a platform for getting to know each other, it is in the nature of things that we forward your profile data and other data (e.g. messages you write and other communication you conduct with other users and the community) to the corresponding users of the Service at your request and on your behalf.
b. To Group Companies:
We transfer data to our affiliated companies, which form a group with us, within the framework of strict protection requirements. This is the case, for example, when you make a customer service request. We will then forward this request to SmH Servicecenter.de GmbH, a service company associated with us. In addition, our development company, TheNetCircle Network Co Ltd. and its debt collection partners Compay GmbH and Faircollect GmbH and Playamedia S.L.'s Community Management and Marketing receive the necessary information to ensure the security and functionality of the service and payment processing.
In addition, we transmit data to external service providers that enable us to provide the Service. These include hosting providers, delivery service providers, payment service providers and providers of analytical platforms. We require these service providers to comply with strict rules to ensure the security of your data when processing personal data on our behalf.
Google LLC is a privacy shield certified provider from the USA. Google Analytics is used to analyse the behaviour of users of our Services. On the pages where maps are displayed (e.g. to show the location of club profiles) we use Google Maps. We do not use the actual location of the user but a location stored by us. With the help of Google Captcha we determine with certain actions whether the visitor is a human being or a machine. YouTube videos are embedded in our service in "enhanced privacy mode". While no YouTube cookies are set by this particularly data protection-friendly type of embedding, calling up the pages nevertheless leads to a connection with YouTube and the DoubleClick network. A click on the video can trigger further data processing processes over which we no longer have any control.
With this survey program (location Spain, adequate data protection level) we enrich our community to carry out interesting evaluations. Among other things, the nickname, gender, payment class and location can be transferred in the profile.
With Ongage (location Israel, adequate data protection level) we make sure that we only send you relevant emails. With the program we can define target groups for newsletters. For this purpose we hand over the email address, the nickname, the registration date, the gender, the payment class, the last login time, the chosen language, the search by gender, the interests marked with I like, the age, the sexuality, the information about the newsletter unsubscription and the bounce status, as well as the stored place in the profile.
Sparkpost (location USA, no adequate data protection level) is a provider for sending emails. For sending we hand over the email address. Sparkpost will delete the mail immediately after it has been sent.
With Orbitsoft (location Russia, no adequate data protection level) we can place targeted advertising. The software distributes the advertising banners according to target group. The target groups can be divided into location, gender, search gender, payment type, number of logins, age, preferences and the 18+ check status. Orbitsoft Opt-Out
Kayako (UK site, adequate level of data protection) is our system for dealing with customer issues. For each request the email address, your preview profile picture and the username will be transferred.
We use Twilio (location USA, Privacy-Shield certified) for our free SMS service. If this function is used, the recipient telephone number and the SMS text are transferred.
This storage service (processing in the USA and Europe, Privacy-Shield certified) is used by us to store and deliver videos and images.
Our subsidiary (location Germany, adequate level of data protection) is our debt collection partner. When you purchase a membership or points, your billing information is sent directly to Compay. Here you can see what data is involved.
Vendo (location Switzerland, adequate level of data protection) is our payment provider for payments from abroad. When purchasing a membership or points outside of Germany, Austria or Switzerland, the user ID is forwarded directly to Vendo.
Paysafecard.com (branch of Prepaid Services Company Limited located in Germany, adequate level of data protection) is a payment provider for anonymous payment. With a Paysafecard you can buy a membership or points. When you choose to purchase Paysafecard, your user ID will be forwarded to Paysafecard.com and your email address will be forwarded to our own payment provider Compay.
Fetish.com Shop (to be launched end of 2018)
Our shop works together with a dropshipper. This is the Zugeschnürt-Shop from Berlin, Germany (adequate data protection level). When purchasing an item, the invoice data will be transmitted, i.e. the order number, name, telephone number, email address, company and address, should these have been stated at the time of purchase. Also the product data (such as price, size, quantity and article number), the payment method and the shipping options.
In the Fetish.com shop (to be launched end of 2018) it is possible to pay with Paypal. This is done via the payment provider BS Payone (location in Germany, adequate level of data protection). When purchasing, we only transmit the user ID to BS Payone.
Virtual Business Support
In order to activate our images even faster, we work together with Virtual Business Support (based in the Philippines, no adequate data protection level) where new images are classified by qualified personnel.
We use the following affiliate systems to win new customers for our community. We measure success on the basis of registrations and sales. We use: Adcell, Adwords together with the Google Tag Manager, Programmis and Hasoffers.
We transmit data to authorities in the event of a legal obligation based on a request for information from the respective authority.
When purchasing on our Service, we transfer different details for each payment method to our debt collection partners. Our partners are Compay GmbH, Vendo Services GmbH, Paysafecard.com Services and BS PAYONE GmbH. You can find out which data this is for each desired payment method, here.
The term "behavioural advertising" refers to the use of tracking measures to determine the potential interest of users in advertisements and to display them according to their interests.
For this we use the following features: Gender, membership type, 18+ check status, preferences, interest in a membership, number of logins and what gender a member is looking for.
Members with a Premium and VIP membership have the possibility to switch off the advertising.
All servers of the Service are located in the EEA, hence initially your data does not leave the EEA technically, but the technical provision and processing of the data for the operation of the service takes place in the European Union.
However, when you submit data to us, it will be legally transferred to a country outside the EEA, as we have our registered office in the People's Republic of China. In addition, our development company is also based in China, from where it has technical access to the servers in the European Union.
According to the GDPR, China is a so-called "third country" in which an adequate level of data protection cannot be guaranteed in principle; there is no corresponding decision on adequacy and there are also no specific guarantees to compensate for this deficit. This means that we may have to transmit data to government agencies there under less stringent conditions than is the case within the EEA. The legal hurdles to the protection of personal data in China are thus generally regarded as lower from a European point of view, as would also be the case for processing in Australia, Russia or India, for example.
Due to the use of external service providers, some data is also transferred to other so-called "third countries". You can see exactly what these are and whether there is an adequate level of data protection under point 4c
We process and store your personal data as long as it is necessary for the fulfilment of our contractual or legal obligations. Therefore, we store the data as long as our contractual relationship with you exists and also after termination, as far as the laws of the Federal Republic of Germany and the People's Republic of China require this. If the data are no longer necessary for the fulfilment of such obligations, they will be regularly deleted, unless their further processing is necessary for the protection of legitimate interests or for the preservation of evidence within the framework of statute of limitations. In this sense, age verification and fake suspect photos and videos are stored expressly for the entire duration of the contract, since we use this data in particular to continuously guarantee the protection of minors and the prevention of fraud attempts.
The data collected under 2.a will be stored for 180 days. This storage period serves our protection against attacks on the systems of our service, e.g. through so-called Distributed Denial of Service attacks, in which a large number of accesses to our service are intended to overload the systems in order to interrupt the provision of our service.
You are not required by law to provide us with the above information. In principle, the contractual relationship that you have entered into with us by agreeing to our General Terms and Conditions does not give rise to any obligation to provide this personal data. However, the transmission of mandatory information is a basic prerequisite for concluding a contract with us. Furthermore, you cannot use the Service or only to a limited extent if you do not provide us with certain data or contradict their use. This is because the Service is essentially only "brought to life" by the content posted by the users.
You can assert the following rights:
Your right to access to information under Article 15 GDPR,
Your right to rectification under Article 16 GDPR,
Your right to erasure under Article 17 GDPR,
Your right to restriction of processing under Article 18 GDPR and
Your right to data portability under Article 20 GDPR.
If you have any questions in this regard, please contact our customer service at: firstname.lastname@example.org.
You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent issued to us prior to the validity of the GDPR, i.e. before 25 May 2018. However, this revocation will then only be effective for the future. Processing that took place before the revocation is not affected by this.
In addition, you have a right of appeal to the competent data protection supervisory authority. As we are not established in the EU, this is the supervisory authority of the representative named under point 1, or the supervisory authority responsible for your place of residence.
a. Right of Objection on a Case-By-Case Basis
In addition to the rights already mentioned, you have the right to object at any time for reasons arising from your particular situation to the processing of personal data concerning you, which is based on Article 6 para. 1e GDPR (data processing in the public interest) and Article 6 para. 1f GDPR (data processing on the basis of a balance of interests). If you file an objection, we will no longer process your personal data, unless we can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
b. Right to Object to the Processing of Data for Advertising Purposes
You also have the right to object at any time to the processing of personal data concerning you for the purpose of direct marketing. If you object, we will no longer process your personal data.
The objection can be made informally and should be addressed to: email@example.com if possible.