Privacy Policy

LYNQ GmbH & Co. KG, Josephinenstr. 17, 40212 Dusseldorf, Germany (hereinafter referred to as "LYNQ", "we" or "us") operates a geolocation-based social networking application with an associated database (hereinafter referred to as the "Service"). The Service enables users to discover and connect with other users nearby for personal and professional purposes via mobile app.

This Privacy Policy explains how we collect, use, and protect your personal data when you use the LYNQ app and website. All processing is carried out in accordance with applicable data protection law, in particular the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the German Telecommunications Digital Services Data Protection Act (TDDDG).

References to defined terms in this policy follow Art. 4 GDPR.

1. Controller

The controller within the meaning of Art. 4(7) GDPR is:

LYNQ GmbH & Co. KG
Josephinenstr. 17
40212 Düsseldorf
Germany

Email: privacy@lynq.me

2. Data Protection Officer (DPO)

In accordance with Art. 37 GDPR and Sec. 38 BDSG, the Provider has appointed a Data Protection Officer. The Data Protection Officer can be contacted at:

Email: dpo@lynq.me

Postal address: Data Protection Officer, LYNQ GmbH & Co. KG, Josephinenstr. 17, 40212 Dusseldorf, Germany

You may contact the Data Protection Officer directly and confidentially. The Data Protection Officer is bound by professional secrecy and may not be instructed by the Provider in the performance of their duties.

3. Legal Bases for Processing

The Provider processes personal data on the following legal bases:

a. Contract performance (Art. 6(1)(b) GDPR): Processing is necessary to provide the Service as described in the Terms of Use, including core app features such as profile display, user discovery, geolocation-based matching, AI-powered recommendations, and personalised introductions. These features are integral to the Service and cannot be disabled without fundamentally altering the nature of the contractual relationship.

b. Legitimate interests (Art. 6(1)(f) GDPR): Processing is necessary for purposes of the Provider's legitimate interests, including the security and integrity of the Service, fraud prevention, analytics for product improvement, and the technical operation of the platform, provided such interests are not overridden by the data subject's interests or fundamental rights and freedoms.

c. Consent (Art. 6(1)(a) GDPR): For processing activities that are not necessary for the performance of the contract and for which no other legal basis applies, the Provider relies on the User's freely given, specific, and informed consent. Where consent is the legal basis, you have the right to withdraw it at any time (see Section 10).

d. Legal obligation (Art. 6(1)(c) GDPR): Where processing is required to comply with a legal obligation to which the Provider is subject, including applicable tax, commercial, and regulatory laws.

Where the Provider relies on legitimate interests as the legal basis, the Provider has carried out a balancing test to ensure that such interests are not overridden by the interests, rights, or freedoms of data subjects. Documentation of these assessments is available on request from the Data Protection Officer.

4. Data We Collect

In order to operate its geotracking-based social media app and to be able to offer products and services described on the LYNQ website, in particular at www.lynq.app and www.lynq.me, the Provider requests information from the User and automatically collects data about the User’s use of the LYNQ app. In addition, the Provider requests the release of the location data of the User’s mobile device (e.g., smartphone) if this is activated via the LYNQ app and required for benefits and services. These data protection provisions regulate which personal data the Provider may collect from the User and what the Provider will or will not do with this data.

a. Registration and profile data: When you create a LYNQ account, you provide personal data including your mobile phone number, first name, surname, photographs, profession, employer, industry, hometown, languages spoken, interests, favorite activities, favorite places, and links to external profiles (such as Instagram, LinkedIn, or personal websites). Authentication is performed via one-time SMS codes; no password is stored.

b. Location data: With your permission, the Provider collects your precise GPS location to enable geolocation-based features including discovery of nearby users, events, and places. The Provider also derives and retains your city-level location history for contextual features as described in Section 15.

c. Usage and interaction data: The Provider automatically collects data about how you use the Service, including: features accessed, profiles viewed, search queries entered and filters applied, LYNQ requests sent and received, events and circles joined or created, Places marked or visited, in-app messages and notifications, session duration and frequency, and membership and feature usage patterns.

d. Technical data: The Provider collects device and network information including IP address, device type and model, operating system and version, app version, browser type, language settings, and diagnostic data. User name and password are not collected; login is handled via SMS verification code.

e. Contact data: With your explicit permission, the Provider temporarily processes your device contact list solely to identify which of your contacts are already registered on LYNQ and to enable you to invite selected contacts. Contact data is not stored beyond the duration necessary for this function and is never shared with third parties or used for advertising.

f. Communication data: Content of messages sent and received between users via the in-app messaging system.

5. How We Use Your Data

The Provider uses your personal data for the following purposes:

a. Providing the Service: Enabling user registration, login, profile display, and account management; displaying your profile to other users in accordance with your privacy settings; enabling geolocation-based user discovery, event participation, and circle membership.

b. AI-powered personalisation: Generating personalised recommendations of users, events, circles, and places; creating profile introduction texts; and powering other intelligent in-app features as further described in Sections 6 and 7. This processing is necessary for the performance of the contract (Art. 6(1)(b) GDPR) as AI-driven personalisation is a core, integral feature of the Service.

c. City arrival notifications: Notifying you when contacts are nearby in cities you visit, as further described in Section 14.

d. Communication: Sending service notifications, security alerts, and information relevant to your account and membership.

e. Payments and billing: Processing membership payments, issuing invoices and payment confirmations, and managing subscription status.

f. Security and integrity: Detecting and preventing fraud, abuse, spam, and violations of the Terms of Use; conducting content moderation as described in Section 15.

g. Analytics and improvement: Analysing aggregate usage patterns to improve the Service, develop new features, and ensure technical stability.

h. Legal compliance: Fulfilling legal obligations under applicable law.

6. AI Language Model Services

To deliver intelligent and personalised features within the Service, the Provider uses AI language model services from the following third-party providers (collectively "AI Services"):

OpenAI, Inc. (via OpenAI Ireland Ltd., 1 Cumberland Place, Fenian Street, Dublin 2, Ireland) - services include the ChatGPT and GPT API.

Anthropic, PBC, 548 Market St, San Francisco, CA 94104, USA - services include the Claude API.

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland - services include the Gemini API.

These AI Services are used for the following purposes:

a. Profile introductions: AI-generated introductory texts are created to help users present themselves to the community. This uses profile data you have provided, including name, profession, hometown, and stated interests.

b. Personalised recommendations: AI Services analyse user profile data and in-app behaviour to generate contextually relevant recommendations of other users, events, circles, and places. The data processed for this purpose includes: name and profile information; profession, industry, and professional fields; current location and recently visited cities; in-app search queries and filters applied; profiles viewed and interaction history; Circle memberships and event participation; stated interests, favorite activities, and favorite places; languages; and LYNQ contact connections.

c. City arrival and proximity features: AI Services assist in identifying contextually relevant connection opportunities when a user arrives in a city, drawing on location data and contact relationships as further described in Section 14.

d. Search interpretation: AI Services interpret free-text search queries to deliver relevant results across users, events, circles, and places.

e. Other in-app intelligence: AI Services may support additional personalisation, quality, and safety features within the Service.

The legal basis for AI processing described in this section is the performance of the contract pursuant to Art. 6(1)(b) GDPR, as these AI-powered features constitute a core and integral part of the Service. Where processing goes beyond contract performance, the legal basis is the Provider's legitimate interests pursuant to Art. 6(1)(f) GDPR in providing a high-quality, personalised social networking service.

Data minimisation: Only data categories necessary for the specific function are transmitted to AI Services in each individual request. The Provider does not transmit data in excess of what is required for the stated purpose.

Data processing by AI Services: Each AI Service provider processes data as a processor under Art. 28 GDPR. The Provider has concluded Data Processing Agreements (DPAs) with each provider. API-processed data is not used by these providers to train their models outside of the DPA terms. Transmitted data is retained by each provider only for the period specified in the applicable DPA (typically up to 30 days) and is then deleted from provider systems.

International transfers: All three AI Service providers are based in or transfer data to the United States. Transfers are safeguarded as follows:

OpenAI: Standard Contractual Clauses (SCC) pursuant to Art. 46(2)(c) GDPR, via OpenAI Ireland Ltd. as the EU-established entity.

Anthropic: Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR and Anthropic's participation in the EU-U.S. Data Privacy Framework (DPF).

Google: Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR and Google's participation in the EU-U.S. Data Privacy Framework (DPF).

Further information on each provider's data protection practices:

OpenAI: https://openai.com/policies/privacy-policy/

Anthropic: https://www.anthropic.com/privacy

Google: https://policies.google.com/privacy

7. Personalised Recommendations and Profiling

To deliver personalised content and recommendations within the Service, the Provider processes personal data about user behaviour, preferences, and activity. This constitutes profiling within the meaning of Art. 4(4) GDPR.

Data used for profiling includes: in-app search queries and filters; profiles viewed, LYNQ requests sent and received; events and circles joined, created, or browsed; places marked as favorites or visited; location data (city-level) and proximity to other users; membership type and feature usage patterns; and time and frequency of app interactions.

Logic and purpose: This data is analysed, including with the assistance of the AI Services described in Section 6, to generate ranked recommendations of users, events, circles, and places that are statistically likely to be relevant to the user based on their activity patterns and profile attributes. Recommendations represent suggestions only. No profiling activity produces automated decisions with legal effect or decisions of equivalent significance on the user. Users remain in full control of all connection, participation, and engagement decisions.

Legal basis: The performance of the contract pursuant to Art. 6(1)(b) GDPR. Personalised recommendations are a core and integral feature of the Service. Processing your activity data to generate recommendations is necessary to provide the Service as described in the Terms of Use. Because this processing is based on contract performance rather than legitimate interests, the right to object under Art. 21 GDPR does not apply. If you do not wish your data to be processed for personalisation purposes, you may delete your account and discontinue use of the Service.

8. Automated Processing and AI Features

The Provider employs automated processing, including artificial intelligence, for the following purposes within the Service:

a. Personalised recommendations: As described in Section 7. Recommendations are non-binding suggestions.

b. Profile introductions: AI-generated introductory texts as described in Section 6(a). You retain the ability to review, edit, or decline any generated introduction.

a. Amazon Web Services (AWS): The LYNQ application is hosted on the Amazon Web Services cloud platform provided by Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg. All personal data is stored and processed exclusively on AWS servers located within the European Union. AWS is certified to ISO 27001, SOC 1, SOC 2, and SOC 3 standards. AWS acts as a processor pursuant to Art. 28 GDPR. The Provider has concluded a Data Processing Agreement with AWS. No independent access to stored data is granted to AWS beyond what is required for infrastructure provision. Further information: https://aws.amazon.com/privacy/

c. Search interpretation: Automated interpretation of search queries to deliver relevant results.

d. Content moderation: Automated systems and, where necessary, human moderators may review user-generated content to detect potential violations of the Community Guidelines or applicable law. Where automated moderation results in content restriction or account action, you have the right to request human review by contacting support@lynq.me.

None of the automated processing described in this section constitutes solely automated decision-making with legal or similarly significant effects within the meaning of Art. 22(1) GDPR. All decisions with significant consequences for users are subject to human oversight.

The Provider uses Stream.io, provided by Stream.io Inc., 350 Interlocken Blvd, Suite 200, Broomfield, CO 80021, USA, to enable messaging between users and to deliver in-app notifications.

Transparency under the EU AI Act: The Provider is preparing for full compliance with the EU AI Act transparency requirements applicable from August 2026, including disclosure of AI-generated content and notification of AI-mediated interactions where required.

Right to contest: If you believe an automated system has treated you unfairly or incorrectly, you may request human review by contacting support@lynq.me. We will respond within 30 days.

9. Infrastructure and Cloud Services

b. MongoDB: User data is stored in MongoDB database services provided by MongoDB, Inc., 1633 Broadway, 38th Floor, New York, NY 10019, USA, with processing exclusively on servers in the European Union. MongoDB acts as a processor pursuant to Art. 28 GDPR. Processing is carried out on the basis of Standard Contractual Clauses ensuring an adequate level of data protection. Further information: https://www.mongodb.com/legal/privacy/privacy-policy

10. Messaging and Notification Services

The following data is transmitted to Stream.io for this purpose: user ID; user display name; profile photograph; content of messages sent and received (text and images); notification content.

Where the Provider integrates Google Maps and Google Places features, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, these services may process your IP address and, where location services are active and you have given permission, your location data.

The legal basis is the performance of the contract pursuant to Art. 6(1)(b) GDPR. Stream.io acts as a processor pursuant to Art. 28 GDPR. The Provider has concluded a Data Processing Agreement with Stream.io. Data transfers to the USA are safeguarded by Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR.

Further information: https://getstream.io/legal/privacy/

The Provider uses the following third-party services to deliver one-time SMS authentication codes to users:

11. SMS Authentication Services

a. Apple App Store and App Store Connect: The LYNQ application is distributed via the Apple App Store, operated by Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA. As part of app distribution, the following data may be processed by Apple: user ID; diagnostic data; unique device identifier for advertising; purchase history; usage data; product interactions; search history; identifier for vendor (IDFV); universally unique identifier (UUID). App Store Connect provides the Provider with aggregated analytics data about app performance and user interactions. Analytics data from App Store Connect is only made available to the Provider where the user has consented to share diagnostics and usage data with Apple in their device settings.

a. Vonage: The SMS service of Vonage Holdings Corp. (via Vonage Communications Ltd., 7 Savoy Court, London, WC2R 0EX, UK) is used to transmit authentication codes. The following data is transmitted to Vonage for this purpose: the mobile phone number provided by the user; an individually generated one-time authentication code. Vonage acts as a processor pursuant to Art. 28 GDPR. The Provider has concluded a Data Processing Agreement with Vonage. Further information: https://www.vonage.com/legal/privacy-policy/

b. Google Firebase Authentication: The Provider also uses Google Firebase Authentication, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to deliver SMS-based one-time authentication codes. The following data is transmitted to Google for this purpose: the mobile phone number provided by the user; an individually generated one-time authentication code; device and session metadata required for fraud prevention and abuse detection. Google Ireland Limited acts as a processor pursuant to Art. 28 GDPR. The Provider has concluded a Data Processing Agreement with Google. Data transfers to the USA are safeguarded by Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR and Google's participation in the EU-U.S. Data Privacy Framework. Further information: https://firebase.google.com/support/privacy

By providing their mobile phone number during registration, the user agrees to receive authentication SMS messages from LYNQ via either of the above providers. The legal basis for both services is the performance of the contract pursuant to Art. 6(1)(b) GDPR and the legitimate interests of the Provider pursuant to Art. 6(1)(f) GDPR in providing a secure and reliable authentication mechanism.

12. Maps and Location Services

a. Location access: With your explicit permission, the Provider accesses your device's precise GPS location to display nearby users, events, and places, and to enable geolocation-based features of the Service. The Provider updates your location on app start and when updating or visiting specific screens. The Provider also uses your location in the background to detect when you arrive in a new city, in order to notify your connections that you are nearby. This applies only in case this service is enabled in your app settings. Location data is transmitted to the Provider's servers only during active use of the app on specific screen interactions and/or when you cross a city boundary. The location is not tracked permanently. The Provider does not retain exact location histories. Only the cities visited are retained for contextual recommendation and notification features (see Section 5(c)). You can revoke location permission at any time through your device settings, which will disable geolocation-based features including city arrival notifications. The legal basis is the performance of the contract pursuant to Art. 6(1)(b) GDPR, as location access is a core function of the geolocation-based Service.

If you are logged into a Google account when using map features, your data may be associated with that account by Google. The legal basis is the performance of the contract pursuant to Art. 6(1)(b) GDPR for map-dependent features and legitimate interests pursuant to Art. 6(1)(f) GDPR. The Provider has concluded a Data Processing Agreement with Google pursuant to Art. 28 GDPR. Data transfers to the USA are safeguarded by Standard Contractual Clauses and Google's participation in the EU-U.S. Data Privacy Framework.

Further information: https://policies.google.com/privacy

13. App Distribution Platforms

The legal bases are legitimate interests pursuant to Art. 6(1)(f) GDPR and, where applicable, contract performance pursuant to Art. 6(1)(b) GDPR. Further information: https://www.apple.com/legal/privacy/

b. Google Play Store and Play Console: The LYNQ application is also distributed via the Google Play Store, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. As part of app distribution, the following data may be processed by Google: user ID; diagnostic data; unique device identifiers; purchase history; usage data; product interactions. Play Console provides the Provider with aggregated analytics data where the user has consented to share this information. The Provider has concluded a Data Processing Agreement with Google pursuant to Art. 28 GDPR. Transfers to the USA are safeguarded by Standard Contractual Clauses and Google's participation in the EU-U.S. Data Privacy Framework. Further information: https://policies.google.com/privacy

14. Device Permissions

b. Contact access: With your explicit permission, the Provider may temporarily access your device contact list to identify which of your contacts are already registered on LYNQ and to enable you to invite selected contacts. Contact data is not stored beyond the duration necessary for this function and is never used for advertising or shared with third parties. Invitations are sent only after you manually select individual contacts. The legal basis is your consent pursuant to Art. 6(1)(a) GDPR.

c. Photo library access: With your explicit permission, the Provider accesses your photo library solely to allow you to select and upload images to your profile or events. Photos are accessed only when you actively initiate an upload. No other photos in your library are accessed, stored, or analysed. The legal basis is your consent pursuant to Art. 6(1)(a) GDPR.

15. Content Moderation

To maintain a safe and lawful environment in accordance with the Provider's Community Guidelines and applicable law, the Provider monitors content shared within the Service. Moderation may be conducted by automated systems designed to detect harmful, inappropriate, or non-compliant content, and by human moderators who review flagged content.

The legal basis for content moderation is compliance with legal obligations pursuant to Art. 6(1)(c) GDPR and the Provider's legitimate interests pursuant to Art. 6(1)(f) GDPR in operating a safe and lawful platform.

All moderation is performed in accordance with applicable data protection law and the Provider's internal governance policies. Moderators access user-generated content exclusively for the purpose of assessing compliance with Community Guidelines and applicable law.

If your content has been restricted or your account has been actioned and you believe this decision was made in error, you may request human review by contacting support@lynq.me. We will respond within 30 days.

16. Cookies, Analytics, and Tracking Technologies

Cookies are small data files stored on your device. The Provider uses cookies and similar tracking technologies on its website and within the app in accordance with Sec. 25 TDDDG and Art. 6 GDPR.

Strictly necessary cookies: These cookies are required for the technical operation of the website, including session management and security. They do not require consent and are set on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR. They cannot be disabled without materially impairing website functionality.

Analytics and non-essential cookies: Cookies and tracking technologies used for analytics, performance measurement, and other non-essential purposes are only set or activated with your prior consent pursuant to Sec. 25(1) TDDDG and Art. 6(1)(a) GDPR. You may give, refuse, or withdraw consent at any time via the cookie consent banner on the website or the consent mechanism in the app.

a. Google Analytics: The Provider uses Google Analytics 4, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to analyse usage of its website and app. Google Analytics uses cookies and similar technologies to collect information about how users interact with the Service. Data including anonymised IP addresses may be transmitted to Google servers in the USA. The Provider has implemented Google Consent Mode v2; analytics data is only collected following your explicit consent. The transfer to the USA is safeguarded by Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR and Google's participation in the EU-U.S. Data Privacy Framework. The Provider has concluded a Data Processing Agreement with Google pursuant to Art. 28 GDPR. Legal basis: consent (Art. 6(1)(a) GDPR, Sec. 25(1) TDDDG). Further information: https://policies.google.com/privacy

b. Facebook SDK: The Provider uses the Facebook SDK provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, for app analytics and content sharing features. The Facebook SDK may use device identifiers and similar tracking technologies to collect information about app usage and interactions. The following data may be transmitted to Meta: technical data (device type, operating system, app version); app usage data (features accessed); information about interactions with Facebook-integrated features. Meta is certified under the EU-U.S. Data Privacy Framework (DPF). The Provider has concluded a Data Processing Agreement with Meta pursuant to Art. 28 GDPR. Legal basis: consent (Art. 6(1)(a) GDPR, Sec. 25(1) TDDDG). You may withdraw consent by contacting privacy@lynq.me. Further information: https://www.facebook.com/privacy/policy/

If you prefer not to accept any cookies, you can configure your browser to block them. Please note that blocking strictly necessary cookies may impair the functionality of certain parts of the website.

17. International Data Transfers

The Provider primarily stores and processes personal data within the European Union. Where data is transferred to third countries (including the United States), the Provider ensures adequate protection through one or more of the following mechanisms:

Standard Contractual Clauses (SCC) approved by the European Commission pursuant to Art. 46(2)(c) GDPR;

The EU-U.S. Data Privacy Framework (DPF) where the recipient is certified thereunder;

Other appropriate safeguards pursuant to Art. 46 GDPR.

A summary of transfer mechanisms by processor is provided within the relevant sections of this Privacy Policy (Sections 6, 9, 10, 11, 12, 13, 16). You may obtain copies of applicable Standard Contractual Clauses by contacting privacy@lynq.me.

18. Data Retention

The Provider retains personal data only for as long as necessary for the purposes described in this Privacy Policy or as required by applicable law.

Account and profile data is retained for the duration of your account and deleted within 30 days following account deletion or deactivation. Financial and invoice records are retained for 10 years in accordance with statutory obligations under Sec. 257 HGB and Sec. 147 AO. All other personal data is deleted or anonymised as soon as it is no longer necessary for the purpose for which it was collected.

19. Data Security

In accordance with Art. 32 GDPR, the Provider has implemented appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, alteration, or disclosure. These measures include encryption of data in transit and at rest, access controls and authentication requirements, regular security assessments, and contractual security requirements imposed on all processors.

The LYNQ application is hosted exclusively on ISO 27001, SOC 1, SOC 2, and SOC 3 certified infrastructure. Despite these measures, no data transmission over the internet or electronic storage system can be guaranteed to be 100% secure.

20. Data Sharing and Disclosure

The Provider does not sell personal data to third parties. Personal data is shared only in the following circumstances:

a. With processors: The Provider shares data with service providers acting as processors under Art. 28 GDPR (including those described in Sections 6, 9, 10, 11, 12, 13, 16 of this Privacy Policy) solely to the extent necessary to provide the Service. All processors are contractually bound to process data only on the Provider's documented instructions and to implement appropriate security measures.

b. With other users: Your profile information is visible to other users of the Service in accordance with your privacy settings. By default, profile information is visible to all users of the Service. You may restrict visibility of certain information (such as precise distance) in the app settings.

c. Legal requirements: Where required by applicable law, court order, or a binding request from a competent governmental or regulatory authority, including law enforcement authorities.

d. Business transfers: In the event of a merger, acquisition, or transfer of all or substantially all of the Provider's assets, personal data may be transferred to the acquiring entity, subject to the same data protection obligations set out in this Privacy Policy.

e. Protection of rights: Where necessary to protect the Provider's legal rights or to prevent imminent harm to users or third parties.

f. Aggregated or anonymised data: The Provider may share aggregated, anonymised data that does not identify individual users with business partners for analytics and service improvement purposes.

21. Data Breach Notification

In the event of a personal data breach, the Provider will assess the risk to data subjects and, where required by Art. 33 GDPR, notify the competent supervisory authority without undue delay and in any event within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to the rights and freedoms of data subjects, the Provider will also notify affected individuals directly in accordance with Art. 34 GDPR, without undue delay and via the most appropriate channel (including via in-app notification or email where available).

22. Your Rights

You have the right to access, correct, delete, or restrict the processing of your personal data, to data portability, to withdraw consent at any time, and to object to processing based on legitimate interests (Arts. 15-21 GDPR). To exercise any of these rights, contact privacy@lynq.me — we will respond within one month. You also have the right to lodge a complaint with the competent supervisory authority (Art. 77 GDPR): ldi.nrw.de.

23. Changes to This Privacy Policy

The Provider reserves the right to update this Privacy Policy to reflect changes to the Service, applicable law, or data processing practices. The version of the Privacy Policy published at the time of your use of the Service applies.

Where changes are material, the Provider will notify users in text form (including via in-app notification or email) with reasonable advance notice. You are encouraged to review this Privacy Policy periodically. The date of the most recent update appears at the end of this document.

24. Contact

For all data protection enquiries, requests to exercise your rights, or concerns about the processing of your personal data, please contact:

Email: privacy@lynq.me

Postal: LYNQ GmbH & Co. KG, Josephinenstr. 17, 40212 Dusseldorf, Germany

For matters specifically concerning the Data Protection Officer: dpo@lynq.me

The Provider will endeavour to respond to all enquiries promptly and no later than within the statutory timeframes.

Status: 03/2026

Copyright
(c) RA Michael Terhaag, law firm Terhaag & Partner Rechtsanwalte - www.aufrecht.de for LYNQ. All rights reserved.