LYNQ GmbH & Co. KG, Josephinenstr. 17, 40212 Düsseldorf, Germany (hereinafter referred to as "LYNQ", "we" or "us") offers a geotracking-based social media app (user software) with an associated database, hereinafter referred to as the Service. The service enables its users to get in touch with other users in the area for private or business purposes via mobile app.
With this privacy policy, we would like to inform you about how your data is processed in our service, when using our website and the app. Your data is processed in compliance with the applicable data protection regulations.
With regard to the terms used in the privacy policy, we refer to Art. 4 GDPR.
1. Responsible persons
LYNQ GmbH & Co. KG
Josephinenstr. 17
40212 Düsseldorf
Germany
Email: support[a.t.]lynq.me
2. Legal bases of the processing
Insofar as the Provider obtains the consent of the User for the processing of personal data, Article 6(1)(a) GDPR serves as the legal basis.
In the processing of personal data necessary for the performance of a contract to which the User is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as the processing of personal data is necessary for compliance with a legal obligation to which the Provider is subject, Article 6(1)(c) GDPR serves as the legal basis.
In the event that vital interests of the User or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.
In the event that processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Provider, Article 6(1)(e) GDPR serves as the legal basis.
If processing is necessary for the purposes of the legitimate interests pursued by the Provider or by a third party and such interests are not overridden by the interests or fundamental rights and freedoms of the User, Article 6(1)(f) GDPR serves as the legal basis. The Provider’s legitimate interest lies in the performance of its business activities.
3. Collection of general data and information
In order to operate its geotracking-based social media app and to be able to offer products and services described on the LYNQ website, in particular at www.lynq.app and www.lynq.me, the Provider requests some information from the User and automatically collects data about the User’s use of the LYNQ app. In addition, the Provider requests the release of the location data of the User’s mobile device (e.g., smartphone) if this is activated via the LYNQ app and required for benefits and services. These data protection provisions regulate which personal data the Provider may collect from the User and what the Provider will or will not do with this data.
a. Personal data collection and processing
When the User registers for a LYNQ account or logs in to a website operated by the Provider and/or otherwise purchases products and services from the Provider, the Provider may ask for certain data, such as first name, surname, telephone number, e-mail, employer, job title, industry, languages spoken, hometown, profiles on the internet (such as the User’s own website, Instagram, Facebook, LinkedIn, etc.), photos, interests, etc. The Provider also collects location data via the User’s smartphone.
In addition, when the User uses the LYNQ app and LYNQ services, the Provider automatically receives information about the User’s use of the application, the service, and the website, including information such as, of course, the User’s current location, requests made, the URL of the website from which the User uses or accesses the service, the date and time of the request, the User’s Internet Protocol address (IP address), the performance of the User’s network and computer, the User’s browser type, language and identification data, software version, and operating system. Username and password are neither collected nor stored — validation/login takes place via an SMS code sent to the mobile phone number provided.
The Provider uses the User’s personal data to (a) provide the products and services purchased or requested as described in the LYNQ Terms of Use and to display customised content and advertising, (b) communicate with the User regarding the account, customer service, and LYNQ products and services, (c) personalise and improve the LYNQ app, (d) develop and introduce new products and services, (e) send invoices or payment confirmations, (f) make the User’s profile visible to other users in the LYNQ app, and (g) as otherwise described in this Privacy Policy.
In addition, other LYNQ users may be able to use the service to search for and/or view the User’s LYNQ profile and the information contained therein. Depending on the User’s membership (see also GTC), the User can set different restrictions regarding what is displayed to which user groups (e.g., location and distance) under “Settings” in the LYNQ app. By default, all information in the User’s LYNQ profile is publicly accessible to all users of the service.
b. Disclosure of information
Without the User’s express prior consent, the Provider will only share the User’s personal data with third parties (including LYNQ affiliates) for the purposes set out below or to the extent necessary to:
- Enforce the terms of the LYNQ Terms of Use and Premium Membership;
- Comply with laws and regulations, requests from governmental or administrative authorities, including but not limited to prosecutors, police, or courts, or respond to litigation;
- Allow a change of ownership of LYNQ and the related transfer of all personal data to the new owner, while in any case remaining protected in accordance with this Privacy Policy;
- Carry out the review of promotional activities;
- Allow the Provider to conduct surveys to measure the User’s experience and use of the services by others, who are prohibited from using the data for any other purpose;
- Share aggregated statistics (in aggregate and/or anonymised form) about the use of the LYNQ app and software and the services with business partners;
- Perform a credit check, issue invoices, and execute payment orders initiated by the User.
c. Further processing during and through the use of our offers
In some cases, access to certain third-party products and services offered or advertised through the LYNQ application software or website may also require the User to provide personal data to third parties, such as business partners. This will be indicated as part of the registration process, in the terms of use or privacy policy of the relevant business partner, by the request to log in or register, or in a similar manner. The use of this information by the third party is subject to its data protection provisions. The User should consult the respective privacy policies of the business partners to ensure how the personal data provided is processed there. If the User does not agree to their personal data being used in this way, they should refrain from registering for the relevant products or services.
d. Transfer of personal data to other countries
The Provider processes the User’s personal data on servers in Germany and, with the User’s consent, also on servers outside the User’s home country. The Provider also processes it there or outsources the processing to third parties based in these countries, including countries outside the European Economic Area. When this happens, however, the Provider ensures compliance with these data protection regulations and the applicable law. Insofar as parts of the services are offered via third parties, e.g., Amazon Web Services (AWS), they act as processors and the Provider has concluded a Data Processing Agreement (DPA) which ensures that AWS, for example, complies with the data protection standards required for the processing of the Users’ data.
4. Rights of the data subject
In accordance with Art. 15 GDPR, the User has the right to request information about the personal data processed by the Provider. In accordance with Art. 16 GDPR, the User has the right to rectification of inaccurate data or completion of incomplete data. In accordance with Art. 17 GDPR, the User may also request the erasure of data on the grounds specified therein. If erasure is not possible, the processing of the User’s personal data must be restricted in accordance with Art. 18 GDPR. In accordance with Art. 20 GDPR, the User has the right to receive data in a structured, commonly used and machine-readable format and to transmit those data to another controller. Art. 77 GDPR gives the User a general right to lodge a complaint with the competent supervisory authority.
5. Right of withdrawal
In accordance with Art. 7 para. 3 GDPR, the User can revoke consent given to the Provider at any time with effect for the future.
The User can withdraw consent using the contact details in Section 1 of this Privacy Policy.
6. Right of objection
The User can object to the processing of data, which is collected and processed on the basis of a legitimate interest, at any time in accordance with Art. 21 GDPR.
To object, the User shall use the contact details above.
7. Use of cookies
Cookies are small data packets that are transferred between the Provider and the User. The data is transferred from the Provider’s server to the User’s browser and stored there on the end device for later retrieval. Cookies do not cause any damage to the User’s device and do not contain viruses.
In order to make the visit to the website attractive and to enable the use of certain functions, the Provider uses cookies on the website out of legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. Cookies can be transmitted to a page when it is called up and thus enable the User to be assigned. Cookies help to simplify the use of websites for the User. The Provider uses cookies for this area that contain the session ID. Cookies remain on the User’s end device and enable the Provider to recognise the User’s browser on the next visit.
When visiting the website, the User’s browser can be set so that the User is informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. Cookies that have been set can be deleted there. Please note that if the User does not accept cookies, the functionality of the Provider’s services may be restricted.
8. Apple App Store / App Store Connect
The Apple App Store is a platform used by Apple Inc. for the distribution of mobile apps. The Provider’s service is also distributed via the Apple App Store.
On the basis of legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR and for the performance of the contract pursuant to Article 6(1)(b) GDPR, User ID, diagnostic data, unique device identifier for advertising, purchase history, usage data, product interaction, search history, tracker, identifier for vendor (IDFV), universally unique identifier (UUID) are passed on for this purpose.
App Store Connect allows the Provider to control and manage the application in the Apple App Store. App Store Connect gives the Provider access to data about User interactions, app discoverability, marketing campaigns, sales, in-app purchases and payments in order to draw conclusions about the performance of the app. This data is only collected by App Store Connect if the User has given consent to share this information with the Provider.
For more information about Apple’s privacy practices and the User’s rights and settings options to protect privacy, please see the privacy policy at: https://www.apple.com/de/legal/privacy/
9. Google Play Store / Google Play Console
The Google Play Store is a platform used by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) for the distribution of mobile apps. The Provider’s service is also distributed via the Google Play Store.
On the basis of legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR and for the performance of a contract pursuant to Article 6(1)(b) GDPR, User ID, diagnostic data, unique device identifiers for advertising, purchase history, usage data, product interaction, search history, tracker, identifier for vendor (IDFV), universally unique identifier (UUID) are passed on for this purpose.
With the Google Play Console, the Provider can control and manage the application in the Google Play Store. Google Play Console gives the Provider access to data about User interactions, app discoverability, marketing campaigns, sales, in-app purchases and payments in order to draw conclusions about the performance of the app. This data is only collected by Google Play Console if the User has given consent to share this information with the Provider.
The use of Google Play Store / Google Play Console is in compliance with the General Data Protection Regulation. The Provider has concluded an order processing contract with Google in accordance with Art. 28 GDPR. Data is transferred to the USA on the basis of standard contractual clauses and additional security measures.
Further information on data processing by Google can be found here: https://policies.google.com/privacy
10. Google Analytics
On the basis of legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR, the Provider uses Google Analytics to analyse its offers. The legitimate interests here consist in the needs-based design and continuous optimisation of the online offering.
Google Analytics is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses "cookies", which are text files placed on the User’s computer, to help the website analyse how the User uses the site. The information generated by the cookies about the User’s use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, the User’s IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area beforehand, so that it is no longer possible to clearly assign the IP address. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
On behalf of the operator of this website, Google will use this information to evaluate the User’s use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by the User’s browser as part of Google Analytics will not be merged with other Google data.
Google Analytics is used in compliance with the General Data Protection Regulation. The Provider has concluded an order processing contract with Google in accordance with Art. 28 GDPR. Data is transferred to the USA on the basis of standard contractual clauses and supplementary security measures.
Further information on data processing by Google can be found here: https://policies.google.com/privacy
11. Integration of Google Maps / Google Places
If the Provider uses Google Maps and/or Google Places, interactive maps can be displayed directly to the User and the User can use the map function conveniently. By visiting this area, Google then receives the information that the User has accessed this subpage of the website. The processed data may include, in particular, IP addresses and location data of Users, which, however, are not collected without their consent (usually in the settings of their mobile devices).
This takes place regardless of whether Google provides a User account through which the User is logged in or whether no User account exists. If the User is logged in to Google, the User’s data will be assigned directly to their account. If the User does not wish to be associated with their profile on Google, they must log out. Google stores User data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for Users who are not logged in) to provide needs-based advertising and to inform other users of the social network about activities on our website. The User has the right to object to the creation of these user profiles, whereby they must contact Google to exercise this right.
Google Maps and/or Google Places is used in compliance with the General Data Protection Regulation. The Provider has concluded an order processing contract with Google in accordance with Art. 28 GDPR. Data is transferred to the USA on the basis of standard contractual clauses and supplementary security measures.
Further information on data processing by Google can be found here: https://policies.google.com/privacy.
12. SMS Service Vonage
Vonage’s SMS service enables the Provider to send SMS messages to Users for various purposes, in particular it enables the Provider to offer a secure login procedure. On the basis of legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR and for the performance of a contract pursuant to Article 6(1)(b) GDPR, the telephone number provided by the User and an individually generated login code are passed on for this purpose.
By entering their telephone number the User agrees to receive text messages from LYNQ.
For more information on Vonage’s data protection practices and User rights as well as setting options to protect privacy, please refer to the privacy policy at: https://www.vonage.com/legal/privacy-policy/
13. ChatGPT
The Provider uses ChatGPT to create individual introduction texts in User profiles. On the basis of legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR and for the performance of a contract pursuant to Article 6(1)(b) GDPR, the following information is passed on for this purpose:
- Name
- Profession
- Hometown
- Current location
- Distance between Users
- Languages
- Professional fields of action
- Favorite activities
- Favorite places to visit
- LYNQ contact list
- External / social links
- User Circles
- User events
- User search queries
For more information about ChatGPT’s privacy practices and User rights and choices regarding privacy, please see the Privacy Policy at: https://openai.com/de-DE/policies/privacy-policy/
14. Stream.io
The Provider uses Stream.io to enable messages between Users and to provide notifications in the app. On the basis of legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR and for the performance of the contract pursuant to Article 6(1)(b) GDPR, the following information is passed on for this purpose:
- User ID
- User name
- User picture
- Content of messages received and sent (text and/or images)
- Content of the notification (so-called “notification”)
For more information on Stream.io’s data protection practices and User rights and privacy settings, please refer to the privacy policy at: https://getstream.io/legal/privacy/
15. Amazon Web Services (AWS)
The LYNQ application is hosted on the Amazon Web Services (AWS) cloud platform, a service provided by Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109, USA.
The Provider has chosen AWS because the platform offers high security standards and reliability. AWS is certified according to internationally recognised standards such as ISO 27001, SOC 1, SOC 2, and SOC 3, ensuring a high level of security and compliance.
All personal data is processed and stored exclusively on AWS servers within the European Union, ensuring compliance with the EU’s strict data protection regulations, including the General Data Protection Regulation (GDPR).
On the basis of legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR and for the performance of the contract pursuant to Art. 6 para. 1 lit. b GDPR, the following personal data is stored and processed on AWS servers:
- Name
- Occupation
- Home town
- Current location
- Distance between users
- Languages
- Fields of activity
- Favorite activities
- Favorite places
- LYNQ contacts
- External / social links
- photos
- Geo data
- Phone number
- Individual invitation codes
- Membership
- Available and used LYNQ requests
- Usage data of the application
- Messages from / between users
- Message from users including reasons
- Circles
- Events
- Search queries
- Apple IDFV (ID of the app on a device)
This data is used for the following purposes:
- Provision and optimisation of the LYNQ application
- Processing of orders and payments
- Communication with Users
- Improving user-friendliness and customer satisfaction
- Security and protection against misuse
We do not pass on personal data to third parties unless this is necessary to fulfil contractual obligations or required by law. AWS has no independent access to the data stored by us and only processes it in accordance with our instructions.
AWS acts as our processor in accordance with Art. 28 GDPR. Processing is carried out on the basis of standard contractual clauses that ensure an appropriate level of data protection. AWS has also implemented extensive technical and organisational security measures to protect your data.
Further information can be found in the AWS privacy policy: https://aws.amazon.com/de/privacy/
16. MongoDB
The LYNQ app uses MongoDB, a cloud database service provided by MongoDB, Inc. to securely and efficiently store and manage User data.
MongoDB is used to store User data and communication data required for the provision and functionality of the app. Technical and organizational measures are taken to ensure the security and protection of the data.
Data processing takes place on MongoDB servers in the European Union. MongoDB acts as a processor in accordance with Art. 28 GDPR. Processing is carried out on the basis of standard contractual clauses that ensure an adequate level of data protection. MongoDB has also implemented extensive security measures to protect User data.
Further information can be found in MongoDB’s privacy policy: https://www.mongodb.com/legal/privacy/privacy-policy
17. Facebook SDK
The LYNQ app uses the Facebook SDK, a software development kit provided by Meta Platforms, Inc. (formerly Facebook, Inc.). The Facebook SDK allows integration of features such as User logins, analytics and content sharing via Facebook.
When using the Facebook SDK, data may be transferred to Meta in the USA and processed there, including:
- Technical data (e.g. device type, operating system, app version)
- Usage data of the app (e.g. functions accessed)
- Information on the use of Facebook functions within the app (e.g. login via Facebook, interactions with Facebook content)
Meta is certified under the EU-U.S. Data Privacy Framework (DPF), which ensures an adequate level of data protection in accordance with EU standards. Meta acts as a processor in accordance with Art. 28 GDPR and has implemented extensive security measures to protect User data.
The processing of data via the Facebook SDK is based on the User’s consent in accordance with Art. 6 para. 1 lit. a GDPR, which is given when starting the app. The User can revoke this consent at any time with effect for the future by changing the settings in the app or contacting the Provider.
Further information can be found in Meta’s privacy policy: https://www.facebook.com/privacy/policy/
18. Contact Access
With the explicit permission of the User, the Provider may access and temporarily upload the User’s contacts to the Provider’s secure server. This is done solely to help the User discover which of their contacts are already on LYNQ and to enable the User to invite selected friends to join. Invitations are only sent after the User manually selects individual contacts. The Provider does not store contact data longer than necessary and never shares it with third parties or uses it for advertising or analytics purposes.
19. Photo Library Access
With the explicit permission of the User, the Provider may access the User’s photo library to allow the User to select and upload images — for example, to update the User’s profile picture or share visuals in events. Photos are only accessed when the User actively chooses to upload one, and the Provider does not access or store any other photos from the library without interaction from the User. The Provider does not analyse, share, or use the User’s photo data for any other purposes.
20. Location Access
With the explicit permission of the User, the Provider accesses the User’s precise location to show nearby users and enable relevant local interactions. The Provider may also use recent location history to notify the User when friends are nearby in cities that are not frequently visited by the User or their contacts. However, the Provider does not store exact location histories — only the cities visited are retained for contextual features. All location data can be deleted by the User at any time in the app settings.
21. Content Moderation
To maintain a safe and respectful environment in line with the Provider’s Community Guidelines, the Provider monitors content shared within the app. Moderation may be performed by:
- Automated systems (AI) designed to detect potentially harmful, inappropriate, or non-compliant content.
- Human moderators, who may review flagged content to assess compliance with our guidelines.
These moderation practices are intended solely to protect Users and uphold community standards. Moderators — whether human or automated — may access user-generated content solely for the purpose of enforcing these standards. All moderation is performed in accordance with applicable privacy laws and the Provider’s internal governance.
22. Data security
In order to prevent unauthorized access or disclosure, to ensure the accuracy of the data, and to ensure the authorised use of the data, the Provider has implemented technical and organisational measures in accordance with Art. 32 GDPR to secure and protect the data collected online. The Provider secures its website and other systems against manipulation, loss, destruction, access, modification, or dissemination of the User’s data by unauthorised persons.
23. Disclosure of data
Data will not be transferred to third parties for purposes other than those stated in this Privacy Policy. The Provider will only pass on the User’s personal data if:
- The User has given consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, or
- Disclosure is required in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR and the User has no overriding interest in non-disclosure, or
- There is a legal obligation to disclose the data in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR, or
- It is required for the processing of contractual relationships in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.
24. Questions and notes
The version of the Privacy Policy available online at the time of the User’s visit always applies to the use of the app and website. The Provider reserves the right to change or update this Privacy Policy due to further development of the website or changes in legal or regulatory requirements.
The Provider requests that Users regularly inform themselves about the content of the Privacy Policy.
If the User has any further questions about data protection regarding the website or app, the User may contact the Provider at the email address given above. The Provider will then endeavour to answer the questions and resolve any concerns the User may have.
Status 11/2024
Copyright
© RA Michael Terhaag, law firm Terhaag & Partner Rechtsanwälte - www.aufrecht.de for LYNQ. All rights reserved.