Table of contents
This Privacy Notice provides an overview of the processing of your personal data in the context of the use of the offers and online Services on our Website and the corresponding App (hereinafter referred to as the ‘Service’).
Furthermore, this Privacy Notice informs you about your rights and the possibilities you have to control your personal data and to protect your privacy.
We have always taken the protection of your personal data very seriously and continuously take appropriate organisational, contractual and technical measures to protect your data from unauthorised or unlawful processing and against accidental loss, destruction or damage.
The data controller is Ideawise Limited, Room 604, Alliance Building, 133 Connaught Road, Central Hong Kong, Hong Kong. Its representative is SmH ServiceCenter.de GmbH, P.O. Box: 20 04 34, 13514 Berlin/Germany. (Please direct any general support requests to: firstname.lastname@example.org).
Ideawise Limited is also meant when the terms ‘we’ or ‘us’ are used below. Please note that we are a company based outside the European Economic Area (‘EEA’). As far as you use our Service and data is processed, these data are collected by a data controller located in a so-called ‘Third Country’. Nonetheless, we will respect standards under applicable European data protection laws. Details about international data transfers can be found in section 7 below. You can contact our data protection officer at: email@example.com (general support request will not be processed by the data protection team, please direct these requests to: firstname.lastname@example.org).
If we provide the Service for your use, we process personal data from various sources. This is data that we collect automatically - for example when you visit our Website - as well as other data that you have additionally provided to us.
a. Types of Data That We Automatically Collect
When visiting our Website or opening our App, you submit technical information to our servers. This happens regardless of whether you subsequently register an account with us to use the Service or not. In any case, the following data will be processed:
During every visit of our Website:
The so-called server log. This is a file which stores the following data: the time, the status of your Website visit (status means in this case whether the request of the Website was successful or not) as well as the request that your browser has made to the server to open the page, the amount of data transferred and the Website from which you came to the requested page (referrer), and the product and version information of the browser used (user agent).
When opening the App:
- IP address
- The identification number, name and version number of the App, as well as App Store origin
- Device model, OS Type, Name and Version number (iOS / Android)
- Device Language
If you create a profile on our Service, we will assign a so-called unique user ID to it. Besides your chosen profile name, the unchangeable Unique User ID allows us to uniquely identify your profile.
b. Types of Data You Transmit to Us
In addition to the data we receive from all Website visitors, we also process other data from registered users.
The exact amount of this data depends on how you use the Service.
Personal information that you publicly upload to your profile or other areas of the Service will be visible to other users (and searchable via the search feature within the Service). If you choose additional settings for the wider publication of your data, this information will also be accessible to users who are not logged in. These privacy settings can be determined by you in your profile settings.
The data you provide to us include:
i. User account / profile data:
To use the Service, you can create a user account (a ‘Profile’). When you create a Profile, you must provide some mandatory information to complete the registration.
- Email address
- City and postcode
- Date of birth
- What gender is searched for
- What you are looking for (kinky dates, networking...)
When uploading an image, other users have the option of sending the image directly from our Service to Google Image Search using the ‘Classify Images’ feature. This way, other users can help us to better recognise fake profiles and unwarrantedly uploaded images. Of course this does not apply where you have uploaded an image to your secret gallery.
By use of the so-called Single-Sign-On procedure, when registering with a profile, a profile is also automatically created at Thinkific. More information about this in Section vii.
ii. Optional Profile Information:
The use of the Service is possible only with the aforementioned information. However, you may also provide additional personal information in your Profile, such as physical characteristics, personal interests or detailed information about your sexual preferences, political opinions or ideological beliefs. If you want to, you can upload photos and videos to your Profile or to a secret gallery. The scope of this optional data can be determined by you via the respective input fields in your Profile settings.
iii. Location Data:
When you register with our Service, we use your IP once to determine your approximate location. You can agree to this localisation when registering or change it if necessary. In the app your location will only be collected with your permission.
iv. Communication Data: Users
If you communicate with other users of our Service, we save your conversations so that the conversation history with your chat partners can be permanently displayed, and conduct checks on certain keywords for the prevention of criminal activity.
v. Communication Data: Customer Service
When you contact our Customer Service, written communications between you and the Service staff and notes on each transaction are stored so that you can always have a smooth Customer Service experience when the transaction is resumed by other Service staff.
vi. Data for Age Verification and Fake Check:
To perform the age verification (18+ check), we need a video from you. You must be visible in the video. In addition, your date of birth must be clearly visible on an official identity card. This way, we can verify that you are in fact of age.
Alternatively, (Germany only), with 'Age Verification via PIN', €0.99 will be deducted from your bank account and your age checked and verified by Schufa. Upon entering the unique PIN code from your bank statement on your profile, you are age-verified.
If your profile is suspected of being a fake profile, you must have your profile verified. To do this, you need to upload an image that shows your face. You must also visibly hold a note in your hand stating your user name and the current date.
vii. Notification of Device Access (App):
If you grant access to your camera or photo album, we will only receive the data you actively provide, e.g. photos you upload to the Services and nothing beyond. The same applies to you consenting to the delivery of notifications and the way in which they are displayed. You can change these settings at any time in the device settings and revoke your consent there. Your list of contacts will never be accessed at any time.
viii. Social Sign-On:
You can also use the ‘Login with Facebook’ feature to create your profile. When choosing this feature, you transmit your username on the social network at www.facebook.com (‘Facebook’), your email address with which you registered on Facebook, as well as your gender, first name and your profile picture. Your first name and profile picture are used to suggest a profile name and profile picture in our Service, you can reject or change both during the sign-up process.
Please be aware: If you sign up to use the service, a strictly designated account will be created with our service provider Thinkific so that you may use our ‘BDSM Training School’ feature. More information about Thinkific can be found in Section 4.
We process your data exclusively for the following defined purposes:
- To allow you and other users to use the Service and to ensure its functionality
- To provide you with additional Services that you have purchased
- To keep you up to date with relevant information about our Service and to send you system notifications to the email address you have provided
- To send our newsletter and other information about our Services to the provided email address (such as for example about competitions/sweepstakes, discount campaigns, events, satisfaction surveys or other similar offerings of our online platforms)
- To adapt the provision of the Service to your needs
- To provide the ‘BDSM Training School’ together with Thinkific
- To display advertising tailored to your interests (including participation in sweepstakes)
- To continuously improve the Service offer and to correct errors
- To detect and prevent fraud attempts
- To ensure the protection of minors
- To enable the exchange with Customer Service in case of questions
- To check information published on your profile or shared by you through the Service
- To disclose your personal data to third parties if we are legally obliged to do so
- To assert legal claims and to defend against legal disputes
- To ensure IT security and smooth operation of IT systems
- To assist the competent authorities in discovering and prosecuting criminal offences including, but not limited to, offences causing bodily injury or death of the victims
In doing so, we rely on various legal bases in accordance with the so-called General Data Protection Regulation, a European Union legal framework for the standardisation of data protection law (‘GDPR’ for short). We refer in detail to the following legal bases:
Your consent (Art. 6 (1) lit. a & Art. 9 (2) lit. a GDPR)
When visiting the Website without registration, you agree to the cookie guidelines in the pop-up. If you have given us your consent to process personal data for specific purposes, this consent ensures the legality of the processing. By registering and creating your profile, you expressly agree to its use for the purposes described in detail in this Privacy Notice by ticking the box before submitting the registration form. So, if we process your data, it is because you have expressly allowed us to do so when you registered. Your consent is therefore the most important legal basis for the processing of your personal data by us. If you provide us with information about your sexual orientation or preferences, we will process this data exclusively on the basis of your consent.
Fulfilment of contractual obligations (Art. 6 (1) lit. b GDPR)
At the same time, the processing of personal data takes place also for the provision of the Service and in the context of the performance of our contract with you. In many cases, the processing is not only justified by your consent, but also because it is necessary to fulfil our contract with you: In order to fulfil your claim to the Services described in more detail in our General Terms and Conditions, it may be necessary, for example, to process your personal data, for example, if you wish to pay for your VIP or Premium membership the processing of your payment information is required.
Protecting vital interests (Art. 6 (1) lit. d GDPR)
We invoke this legal basis in narrowly defined case constellations (e.g. reported suicide announcements) where the processing is necessary for the protection of the vital interests of the data subject or another natural person.
Safeguarding legitimate interests (Art. 6 (1) lit. f GDPR)
By registering to use the Service, you consent to the processing of your data in accordance with this Privacy Notice. That is why we process your data in principle, because you have allowed us to do so. However, there are some cases in which we would be entitled to process your data without your consent because it is necessary to protect our legitimate interests (or the interests of third parties). In this respect, the purposes for which we process your data also represent legitimate interests. We pursue legitimate interests, for example, if we check images or texts for content relevant under applicable criminal law or if we take measures to secure our ‘virtual domiciliary rights. In these cases, we will not ask you in advance whether you agree to this processing, since processing is otherwise permitted by law.
Legal requirements or in the public interest (Art. 6 (1) lit. c & e GDPR)
In addition, we are legally obliged to provide certain information to criminal prosecution, tax or other authorities in individual cases upon request, if such processing is necessary for safeguarding public interest. Additionally, commercial and tax law contains such obligations for processing in some cases.
We treat your personal data with care and confidentiality and will only pass them on to third parties and other recipients to the extent described below and not beyond.
a. To Other Users:
As our Service is a platform for getting to know each other, it is in the nature of things that we forward your profile data as well as other data (e.g. news you write and other communication you have with other users and the community) at your request and on your behalf to the corresponding users of the Service.
b. To Group Companies:
We transfer data to affiliated companies which form part of the same group of companies as us within the framework of strict protection requirements. This is the case, for example, when you make a Customer Service request. We will then forward this request to SmH ServiceCenter.de GmbH, a service company associated with us. In addition, our development company, TheNetCircle Network Co. Ltd. as well as the payment / debt collection partners Compay GmbH and Faircollect GmbH and the community management and marketing at Playamedia S.L. receive the necessary information to ensure the security and functionality of the Service and the handling of payments.
c. Third parties and Other Recipients (Both When Using Web and App):
In addition, we transmit data to external service providers who enable us to provide the Service to you. These include hosting providers, delivery service providers, payment service providers and providers of analytics platforms. We require each of these service providers to comply with strict rules about the security of your personal information when processing personal information on our behalf. Such processing operations are therefore principally based on your explicit consent as well as contractual agreements guaranteeing an adequate level of protection for your data.
We use the following affiliate systems to attract new customers to our community. In doing so we measure success on the basis of registrations and revenue.
We also use Google Adwords in conjunction with the Google Tag Manager to promote our site in Google search results and on third-party sites. Google (location USA, Privacy Shield certified) uses a remarketing cookie that contains a pseudonymous cookie ID and information about the use of our Website. This way, displayed ads are tailored towards your interests. Information on opt-out
Hasoffers/TUNE (location USA, Privacy Shield certified) is an affiliate marketing platform that uses anonymised postback tracking as well as pixel tracking to track in-site/in-app user activity (e.g. purchase of memberships, picture uploads yes/no etc.) of a user that was acquired via the Hasoffers affiliate marketing platform. We use this service to understand how users acquired via this channel interact with our sites and to analyse the effectiveness of our Hasoffers campaigns. Further information
and opt-out options
Microsoft Bing Ads & Microsoft Conversion Tracking
This Website uses the Bing tracking feature of Microsoft Corporation (location USA). Bing can track the activity of the users as they interact with the ads that are being displayed in Bing. We us Bing Ads services to advertise our brand with the purpose of bringing more users to the site. As the users of Bing type specific keywords, our ads will be shown in accordance to the words they have used in their query. When interacting with such ads, Bing will place cookies so it can display similar ads or ads that may be of your interest in the future. The data Bing collects can include: searches and location, websites, videos and ads viewed, user information if the user possesses a Microsoft account (age range, email, telephone and gender). Information on opt-out options
Jira and Confluence are products of the company Atlassian (location USA) that we use for error prevention, troubleshooting and for project management. In principle, no personal data is transmitted, in rare circumstances, however, a username may be mentioned in a so-called ‘ticket’ in order to enable us to quickly resolve technical issues.
This hosting service (processing in the USA and Europe) is used by us to store and deliver videos and images.
We transmit data to authorities in the event of a legal obligation based on a request for information from the respective authority.
Our subsidiary Compay GmbH (located in Germany, adequate level of data protection) is our payment collection partner. When purchasing a membership or points via the website or mobile website, the billing information is passed directly to Compay. Here
you can see what data is involved. For information about payments via the App, please see point 5.
We use Facebook (location USA, Privacy Shield certified) for the feature ‘Log in with Facebook’. The data required for registration (e-mail address, date of birth, first name, profile photo) is transferred from Facebook to us.
Google LLC is a Privacy Shield certified provider from the USA. Google Analytics is used to analyse the behavior of users of our Services. With the help of Google Captcha, we can determine whether a visitor is a human being or a machine for certain actions. YouTube videos are embedded in our Service in ‘advanced privacy mode’. While no Youtube cookies are set due to this particularly data protection-friendly method of embedding, calling up the pages nevertheless leads to a connection being established with YouTube and the DoubleClick network. A click on the video can trigger further data processing operations over which we have no control. Information on opt-out options
Kayako (location UK, adequate level of data protection) is our system for dealing with customer queries. With each request the email address, your preview profile picture and the username will be transmitted.
Paysafecard.com (branch of the Prepaid Services Company Limited located in Germany, adequate level of data protection) is a payment provider for anonymous payments. With a Paysafecard you can buy a membership or points. If you select Paysafecard when you purchase, the User ID will be passed on to Paysafecard.com and the email address will be passed on to our own payment provider Compay.
We use Thinkific (location Canada, adequate level of data protection) for the provision of the ‘BDSM Training School’ on our Service. When you register, we transmit your user name and a pseudonymised email address to Thinkific. The pseudonymised email forwards incoming emails to your email address stored in our system. Thinkific processes this data as our processor solely for the purpose of operating our service. If you also register for a course or another activity on our service, your username, the pseudonymised email address and your last log-in date will be disclosed to the respective course teacher via the Thinkific backend.
We use Twilio (location USA, Privacy Shield certified) for our free SMS service. If this feature is used, the recipient's telephone number and the SMS text are transferred.
With this survey feature (location Spain, adequate level of data protection) we improve and entertain our community through a permanent feedback survey, as well as regular via quizzes, other surveys and evaluations. It depends on each survey which information is passed on to Typeform, furthermore you decide for yourself what you enter here. Among other things, the nickname, sex, payment class, information about the device (operating system, model, manufacturer and mobile phone provider) as well as the location stored in the profile can be transmitted.
Vendo (location Switzerland, adequate level of data protection) is an alternative payment provider for payments outside of Germany, Austria and Switzerland. When purchasing a membership or points, the User ID will be forwarded directly to Vendo.
Virtual Business Support
In order to unlock uploaded pictures even faster, we work with Virtual Business Support (Philippines), who moderate new pictures with the help of expert staff. For the Philippines, there is currently no adequacy decision of the European Commission, the processing is based on your explicit consent according to Art. 49 GDPR, and is based on data processing agreements and standard contract clauses.
d. Third parties and Other Recipients (only when using the App):
Adjust (location Germany, adequate level of data protection) provides usage evaluation and analysis of marketing activities. When opening the App, Adjust collects installation and event data. We use this information to understand how our users interact with our App and to analyse mobile ad campaigns. For such an analysis Adjust uses your anonymised IDFA (iOS) or GAID (Android) as well as your anonymised IP address. It is not possible to identify you individually.
We use Apple (USA, Privacy Shield certified) and its Apple Push Notification Service (APNS) to send push notifications to iOS users that may contain personally identifiable information.
The Facebook SDK (USA, Privacy Shield certified) included in our App helps us to increase the success of Facebook advertising campaigns by, for example, avoiding the display of ads on devices on which this App is already installed. In addition, the Facebook SDK allows for various evaluations of the installation of the App and of the success of the advertising campaign. In addition, individual activities (events) of the user within the App can be analysed in order to better define the target group for advertising campaigns, for example. For this purpose, we send Facebook pseudonymous data, such as the time, model name of the device, IP address, name of the App, a unique Ad-ID created by Facebook, and the information that the App has been launched. The Advertising ID provided by the operating system of the terminal device serves as the pseudonym. The latter occurs regardless of whether the user uses Facebook or not. Facebook uses this information to create a profile for the Ad-ID along with other information and uses this profile for promotional purposes.
We work with ‘Sentry’ from Functional Software, Inc. (USA, Privacy Shield certified) to detect and eliminate errors that occur in our backend. In the event of a crash or other unexpected errors, information such as the version of the operating system and some technical data about the cause of the error is sent to Sentry. However, this information does not contain any personal data. We merely use the data to increase the stability of our App.
Additional Google Services
Google Fabric (incl. Crashlytics and Answers) and Google Firebase (both: USA, Privacy Shield certified) help us to monitor the performance of our App, identify crashes and analyse user behavior. We use Google Firebase and its Firebase Cloud Messaging (FCM) service to send push notifications to Android and iOS users that may contain personally identifiable information.
Google AdMob (location: USA) enables us to deliver relevant ads in our app and is powered by ads from Google Ads and other Third Party Ad Buyers on Google's Ad Exchange. More information on how Google manages data in its ads products
Advertising Networks & Affiliates
When using our App, our ad networks and affiliates may use so-called device identifiers to create an anonymous profile of your click behavior for mobile advertising. In our App we work with various mobile advertising partners, including the following companies:
- MoPub (location USA)
- Liftoff (location USA)
- AppLovin (location USA)
- Chartboost (location USA)
- Apple Search Ads (location USA)
- Creative Matters (location Spain, adequate level of data protection)
- Fyber (location Germany, adequate level of data protection)
- Glispa (location Germany, adequate level of data protection)
. Further information on the stored data can also be obtained there. These cookies and device identifiers can be used to display personalised advertisements to you. A profile is also created based on comparable information obtained by Google, Facebook, and other third-party ad networks (see list above) from your visits to other Websites or Apps on their networks.
Deactivation of personalised advertising in the App
You can disable personalised advertising via the settings of your device:
On Android, this option can be found in the Google Preferences App. Depending on the device, this is called ‘Google Settings’ or only ‘Settings’. Under the menu item ‘Google’ > ‘Ads’ you will find the option ‘Deactivate Interest Based Advertising’ or ‘Deactivate Personalised Advertising’ depending on the device. The selection can be used to deactivate personalised advertising.
On iOS this option is located in the App ‘Settings’. Under the menu item ‘Privacy’ > ‘Advertising’ you will find the option ‘No Ad Tracking’. The selection can be used to deactivate personalised advertising.
When purchasing on our Service through the Website or mobile Website, we transfer different information to our collection partners for each payment method. Our partners are Compay GmbH, Vendo Services GmbH, and Paysafecard.com Services. Here
you can find out which data this is for each desired payment method. Payments for courses of the ‘BDSM Training School’ are processed via Stripe
‘Behavioral advertising’ means the use of tracking measures to determine the potential interest of users in advertisements on our Website and in our App and to display them according to their interests. For this we use the following features: Gender, membership type, 18+ status, preferences, interest in membership, number of logins and which gender a member is looking for. Members with a Premium and VIP membership have the possibility to turn off advertising.
All servers of the Service are located in the European Economic Area (‘EEA’), so your data do not technically leave the EEA for the time being, but the technical provision and processing of the data for the operation of the Service takes place in the European Union.
However, when you submit information to us, it is legally collected by a data controller located in a country outside the EEA because we are based in Hong Kong (P.R. China). In addition, our development company is also based in China, from where it has technical access to the servers in the EEA in certain situations.
According to the GDPR, China is a so-called ‘Third Country’ in which no adequate level of data protection can be guaranteed in principle; there is no corresponding adequacy decision and no specific guarantees to compensate for this deficit. This means that, from a European perspective, personal data and data subjects enjoy less protection and rights there.
Where no adequate level of protection for personal data can be guaranteed in a specific country, this means that it is possible that government bodies such as criminal prosecution services and intelligence agencies might be able to access data under less strict requirements than within the territory of the EEA (including secret disclosures without any pre-notification to you). Further, it is likely that you will have no effective remedy to challenge such access to your personal data in or out of court. While you might find this acceptable, we strongly urge you to cautiously assess the level of protection you deem appropriate for the personal data we process when providing the Service to you.
If, as a data controller, we transfer data to a third country, we generally guarantee an adequate level of data protection. This applies regardless of whether it is a transfer to an affiliated company or to another recipient (such as an external service provider acting as a data processor). In these cases, we will ensure that the transfer is either based on approved standard contractual clauses (as well as the prerequisite additional safeguards required under the Articles 44 and following of the GDPR), that there is an adequacy decision for the respective country, or that other appropriate safeguards such as binding corporate rules have been provided to guarantee an adequate level of data protection.
However, please be reminded: When justifying the transfer of personal data to third countries we, first and foremost, rely on the informed explicit consent you have freely given to us when signing up for our Service (as per Article 49 (1) lit. a GDPR). Specifically, you consent to the transfer of the data mentioned in this Privacy Statement to the US, the UK as well as China. If you would like to suspend the third-country transfer of your personal data, you are free to not sign up for our Service or to close the account you have opened with us.
We process and store your personal data for as long as it is necessary for the fulfilment of our contractual or legal obligations. Thus, we store the data in principle only as long as our contractual relationship with you exists and also after termination only as far as the laws of the Federal Republic of Germany and the People's Republic of China require this. If the data are no longer necessary for the fulfilment of such obligations, they shall be deleted regularly and without delay, unless their further processing is necessary for the protection of legitimate interests or for the preservation of evidence within the framework of statutes of limitations. In this sense, in particular the storage of age verification and fake suspicion photos and videos is carried out expressly for the entire duration of the contract, since we hold this data in particular for the ongoing guarantee of the protection of minors and the prevention of fraud attempts.
The data collected under 2.a are stored for 90 days. This storage period serves our protection against attacks on the systems of our Service, e.g. by so-called Distributed Denial of Service attacks, in which the systems are deliberately overloaded by a large number of accesses to our Service in order to interrupt the provision of our Service.
You are not legally obliged to provide us with the above data. In principle, the contractual relationship that you have entered into with us by agreeing to our General Terms and Conditions does not result in any obligation to provide this personal data. However, the transmission of the compulsory data is a basic requirement for a conclusion of a contract with us. In addition, if you do not provide us with certain information or if you object to its use, you may not be able to use the Service, or only to a limited extent. This is because the Service essentially only becomes ‘alive’ through the content posted by the users.
You can assert the following rights:
- Your right to information according to article 15 GDPR,
- Your right to rectification according to article 16 GDPR,
- Your right to erasure according to article 17 GDPR,
- Your right to restriction of processing according to Article 18 GDPR as well as
- Your right to data portability according to Article 20 GDPR.
If you have any questions in this regard, please contact customer service at email@example.com.
You can revoke your consent to the processing of personal data at any time.
In addition, you have the right to lodge a complaint with the responsible data protection supervisory authority.
a. Right of Objection in Individual Cases
In addition to the rights already mentioned, you have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data relating to you on the basis of Art. 6 (1) lit. e GDPR (‘public interest grounds’) or of Art. 6 (1) lit. f GDPR (‘legitimate interests’). If you object, we will no longer process your personal data unless we can prove compelling reasons for processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.
b. Right to Object to the Processing of Data for Advertising Purposes
You also have the right to object at any time to the processing of your personal data for the purpose of direct marketing. If you object, we will no longer process your personal data.
The objection can be made in each case form-free and should be addressed to: firstname.lastname@example.org if possible.