German version: www.heppymedia.com/datenschutz

Last updated: 03/01/2022

Contents

• Preamble
• Changes and updates
• Who we are
• Data Protection Officer
• Legal bases
• Types of data processed
• Categories of subjects affected by the data processing
• Visiting our websites/access data/server log files
• Download in the App Store
• Permissions
• What data we collect
• Proof of identity/age
• How long we store this data
• Location data
• Event data (Only for Mativio)
• Audio recordings (Only for Parlaro)
• Public profiles
• Payment details/subscriptions/in-app purchases
• Single sign-on registration
• Google Maps/Apple Maps
• Purpose of processing
• Use of the data for advertising purposes
• In app notifications
• Who we share your data with/Third Party Services
• Where we send your data to
• Analysis and analytics services
• Google Analytics
• Google Ads/Ad Manager
• Google Adsense
• Google reCaptcha
• Media
• Links
• Social media links/social plugins/embedded content
• Cookies
• Comments
• Contact form
• Newsletter
• Privacy of minors
• What rights you have to your data
• How we protect your data
• What measures we offer in the event of data breaches
• Bug bounty program
• What automated decision-making and/or profiling we perform with user data
• Consent and revocation
• Data Disclosure
• Contact

Preamble

The following privacy policy applies to the websites www.heppymedia.com, www.getheppy.com, www.parlaro.com, www.mativio.com, the mobile apps „Parlaro“ and „Mativio“ for iOS and Android devices, and all other offers that are related to the Heppy Media GmbH apps and refer to this data protection declaration. Collectively, these scopes are hereinafter referred to as „our services“.

Mativio is a platform to easily and spontaneously get to know new people for joint activities. You can create a free account through our app and connect with other users through text, voice, and video recordings. In order to be able to use advanced functions, you have the option of taking out a paid subscription. Our offer is aimed at users aged 18 and over.

Parlaro is a platform to easily and spontaneously talk to people in your area about certain topics. You can create a free account through our app and connect with other users through voice messages. In order to be able to use advanced functions, you have the option of taking out a paid subscription. Our offer is aimed at users aged 18 and over.

This data protection declaration explains the type, scope and purpose of the processing of personal data on our website, the apps and external online presences, such as on our social media profiles. We take data protection very seriously and only collect data that is absolutely necessary for the use of our offers. We never pass on sensitive data such as name, profile picture or email address to third parties for advertising purposes. To improve our services, certain data is evaluated anonymously. It is not possible to draw any conclusions about your person.

Changes and Updates

We ask you to inform yourself regularly about the content of our data protection declaration. We will adapt the data protection declaration as soon as the changes in the data processing we carry out make this necessary. We will inform you as soon as the changes require your participation (e.g. consent) or other individual notification. If there is a change, we will update the date of the change at the top of this Privacy Policy.

Who we are

Verantwortlicher:

The address of our website is: https://www.heppymedia.com.
Imprint: https://www.heppymedia.com/impressum/

Data Protection Officer

Follows

Legal bases

We process our users‘ data in order to be able to provide our contractual services to them and on the basis of legitimate interests in order to be able to guarantee and further develop the security of our offer. If no specific legal basis for our data processing is mentioned in the individual sections of the data protection declaration, the following articles of the GDPR should serve as the legal basis:

• Article 6, paragraph 1, letter a & article 7: Consent to processing
• Article 6, paragraph 1, letter b: Data processing to fulfill our services and carry out contractual measures as well as answering inquiries
• Article 6, paragraph 1, letter c: Data processing to fulfill our legal obligations
• Article 6, paragraph 1, letter f: Data processing to protect our legitimate interests
• Article 6, paragraph 1, letter d: Data processing in the vital interest of the data subject or another natural person

Types of data processed

• Inventory data (e.g. names, addresses)
• Content data (e.g. text input, audio, photos, videos)
• Contact details (e.g. e-mail, telephone numbers)
• Meta/communication data (e.g. device information, IP addresses)
• Usage data (e.g. websites visited, interest in content, access times)
• Location data (data indicating the location of an end user’s end device)
• Contract data (e.g. subject matter, term, customer category)
• Payment data (e.g. bank details, invoices, payment history

Categories of data subjects affected by the processing

Visitors and users of our websites and apps.
In the following, we also refer to the data subjects as “users” and address them as “you”.

Visiting our websites/access data/server log files

If you visit our websites (without creating an account), the following data, among others, will be transmitted to the hosting service we use to enable data exchange:

• IP address
• Browser identification data e.g. manufacturer, version

We collect access data in order to optimize our websites and to be able to display them technically error-free and to improve the security of the service and store them in so-called server log files. This data is collected on the basis of article 6, paragraph 1, letter f, GDPR. The following data is recorded:

• Name of retrieved web pages and files
• Browser type and version
• Operating system
• Referrer URL (the previously visited page)
• Host name of the accessing computer
• Time of server request
• IP address

This data is not merged with other data sources.

Download in the App Store

When you download our apps from the respective app stores of the operators Apple and Google (even without subsequently creating a user account within our app), the two providers mentioned automatically store certain data such as account and device data (e.g. manufacturer, operating system, version), the country code/language of the device and the time of the download. We have no influence on these data transfers. Please inform yourself in this regard in the respective data protection regulations of the app store operators:

• Apple App Store (Apple Inc., Infinite Loop, Cupertino, CA 95014, USA; Website: https://www.apple.com/app-store/; Privacy Policy: https://www.apple.com/legal/ privacy/de-ww/)
• Google App Store (Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Website: https://play.google.com/store; Privacy Policy: https://policies.google.com/privacy)

These apply when downloading our applications in addition to our data protection notices.

This data is necessary so that we can automatically make the appropriate settings (e.g. the correct language selection) in the app and improve your user experience. However, we do not store this data ourselves.

Permissions

In order for our apps to be fully functional, we need your consent for certain permissions that are requested when you start the app for the first time or before using certain functions. This includes access to your device’s location, camera, microphone, photos and media, and notifications. You can revoke your consent at any time in your device settings. However, without these granted permissions, our apps will only function to a limited extent or not at all.

The data of contacts stored in the contact directory of your device can be used to check whether these contacts also use our application. This is required to be able to send your contacts friend requests and invitations to use our app. In this case, we will also obtain your consent before we process this data. Your contact details and your address book will not be sent to us in text form and will not be passed on.

What data we collect

We store and process the following personal data when and after creating an account:

• IP address
• Username
• First name
• E-mail address
• Phone number
• Birthdate
• Profile pictures
• Profile description
• Other voluntary information such as relationship status, hobbies
• Encrypted password
• Sent messages, voice recordings, pictures and videos
• The location at relevant times, e.g. when opening the app or creating an event
• Event data
• Payment details
• Individual account settings of the app
• Transaction data such as e.g. purchase information from Google Play/Apple App Store
• Technical data such as e.g. smartphone model

This data is required to use the apps and is used, for example, to authenticate and display users in your area and to enable communication between users. By creating an account and using the app, you agree to the storage and processing of this data. All users can view, change or delete their personal information at any time. However, the username, first name and age cannot be changed afterwards. To do this, the account must be deleted and a new one created.

Personal data is also generated during technical processes such as submitting contact forms, creating comments, setting cookies and using analysis tools and third-party services. You can find more information about this in the next sections.

For users who register on our websites, we also store the personal information they provide in their user profiles. Website administrators can also view and change this information.

If you write a comment on our website, it will be stored indefinitely, including metadata. This way we can automatically recognize and approve follow-up comments instead of holding them in a moderation queue.

Proof of Identity/Age

If your account has been reported, we may ask you to provide proof of your identity or age in individual cases.

Wie lange wir diese Daten speichern

The data is only stored for as long as it is necessary for the operation of the app and relevant for the use of our services. Data that is no longer relevant will be deleted from our server. When deleting your account (not deleting the app), this data is also deleted or made anonymous. Under certain circumstances, certain data can only be completely deleted after a (legal) period has expired, if they must be retained to fulfill the contract or for legal or tax reasons. This applies in particular to payment data, but also to messages, posts, audio and video recordings that have been reported by users. This is necessary to prevent misuse of our service through fake profiles, spam and illegal activities. This data will be blocked until it is deleted, i.e. this data will no longer be processed for any other purpose. Public data is also no longer visible to third parties during this period.

Location data

In order for our apps to work, we need access to your location data at certain relevant times. This can be, for example, opening the main screen to display other events/users in your area. This data is only stored until another location query is performed. Location data is evaluated anonymously by us in order to improve the use of the app and the user experience. We do not create location histories and movement profiles.

Event data (Mativio)

Voice or video recordings that you create in connection with the creation of an event within the Mativio app are stored until the time of the event is reached, or you delete them yourself. These recordings are publicly available. After the time has been reached, or you have deleted the event, a placeholder image will be set. The same applies if your account is deleted.

Audio recordings (Parlaro)

If you create a voice recording in the Parlaro app, it will be deleted after 1 month of inactivity. As soon as another user replies during this time, the time of deletion is pushed back by 1 month. You can delete your recordings yourself at any time. To do this, click on the 3-point menu to the right of your recording.

Public Profiles

Any information you share on your public profile, such as your name, age, profile description, profile pictures, and the events and voicemails you create are publicly available.

Payment Data/Subscriptions/In-App Purchases

If you take out a paid subscription, data will be collected between you and external payment providers – in this case Apple or Google. We do not store or process any data in connection with payments, but only exchange an anonymous identification feature (transaction ID) with the named providers in order to verify payments. This data will be stored until your account is deleted or after any statutory period has expired.

For in-app purchases, we save the time of the purchases made and the amount spent so that we can credit your user account with the correct amount at any time.

Single sign-on login

Some third-party plugins and services we use, such as single sign-on logins, may collect or provide additional personally identifiable information, such as your username and public profile. By using the corresponding functions in our app/on our websites, you agree to the respective conditions of the third-party providers and consent to the transfer of the data concerned to our database or the exchange of data. We also share certain data such as App ID, access tokens and referring URL with single sign-on providers to enable data sharing. You can find the data protection declarations on the websites of the respective providers. We use the following third-party services, among others:

• Facebook single sign-on login: We do not use the SDK provided by Facebook for this, so there is no tracking by Facebook within our app. (Contact: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Website: https://www.facebook.com. Privacy Policy: https://www.facebook.com/about/privacy)
• Apple Single-Sign-On Login: (Contact: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA; Website: https://www.apple.com/de/; Privacy Policy: https://www.apple .com/legal/privacy/de-ww/)
• Google Sign-In: (Contact: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy)

If you wish to object to the use of your account by third-party providers for single sign-on procedures, you must unlink your account in the settings of the respective single sign-on provider.

Google Maps/Apple Maps

In order to be able to offer location services within our services, we integrate maps from Google Maps and Apple Maps.

• Google Maps: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Website: https://www.google.com; Privacy Policy: https://policies.google.com/privacy
• Apple Maps: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA; Website: https://www.apple.com/de/; Privacy Policy: https://www.apple.com/legal/privacy/de-ww/

Purpose of processing

• Provision of our service, the online offer, its content and functions
• Visit and usage evaluation/conversion measurement
• Contractual services/service/customer care. Answering contact requests and communicating with users. User feedback
• Improvement and optimization of our service
• Marketing, advertising and market research
• Safety measures

Use of the data for advertising purposes

We use the above data, in accordance with legal requirements, for the purpose of self-promotion in the form of e-mail notifications about specific promotions or offers. You can object to the use of your data for advertising purposes at any time in the app settings. If you do not find this setting option in your app version, this means that you will not receive any advertising from us.

In addition, users can be informed by email about processes that are relevant to their user account, such as technical changes.

In-App Notifications

We also use in-app notifications, so-called push messages, to bring you app-relevant news, to remind you of certain events or to draw your attention to new messages from other users. This may also include information about new products or offers. In order to be able to send you push messages, we will obtain your consent. You can deactivate them again at any time in the app settings or the operating system settings.

Who we share your data with/Third Party Services

We use third-party services to implement some functions of our app. This includes e.g. hosting services. This can lead to an exchange of personal data. This is done anonymously and in encrypted form. The third-party providers we select are contractually obliged to treat this data confidentially and to use it exclusively for the services we use. All data transfers and processing by third-party providers selected by us are GDPR-compliant (Art. 44 et seq. GDPR). We share data with third parties on the basis of our legitimate interests, e.g. hosting our services or if transmission of the data to third parties, e.g. to payment service providers, is necessary to fulfill the contract. In addition, we only share personal data with third parties if we are legally obliged to do so.

If we process data in a third country, this is only done on the condition of an officially recognized determination of a data protection level corresponding to that of the EU and compliance with officially recognized special contractual obligations (standard protection clauses of the EU Commission) or in accordance with the legal requirements/one under EU law approved replacement mechanism. (2004/915/EG or 2010/87/EU)

We may share this information within the group of companies and in the event of a business restructuring such as a sale of all or part of the company.

When you share content on social media platforms using our sharing features, the video/voice message/image, username, and text associated with the relevant post will be redirected to that platform, or when redirected via Instant messaging platforms like WhatsApp, with a link to the content shared.

Where we send your data to

Our software, services and data are hosted on servers in Europe.

Analysis and Analysis Services

We collect anonymous analysis data within our apps to improve the use of our services. We evaluate for example which functions of our application are used by users and how often in order to improve user-friendliness. We do not use any third-party services for this.

We use the Google Analytics service to analyze our website. You can find out more about this in the next section.

Google Analytics

We use Google Analytics to optimize our services and offers. Service Provider: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy. We use Google Analytics with activated IP anonymization. This means that your IP address will only be transmitted in abbreviated form.

Google Ads/Ad Manager

We use Google Ads to place ads on the Google advertising network and measure the success of our advertising efforts based on clicks on our ads. However, we do not receive any information that could be used to identify users. The Google Ad Manager allows us to only show users interest-based advertising. Google only tracks via your own Google account. It is therefore not tracked within our app. Service Provider: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy

Google Adsense

Ads are displayed within our applications, for which we receive payment. We use the Google Adsense service for this. Service Provider: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy

Google reCaptcha

To protect against automated requests from bots to our services, we use Google’s reCaptcha service. Data is requested by Google, such as the IP address. You can find more information on how this data is handled in the provider’s data protection declaration: https://policies.google.com/privacy

Media

If you are a registered user and upload photos to our servers, you should avoid uploading photos with an EXIF GPS location. Users of our Services may download photos stored on our servers and extract their location information. All uploaded files are usually publicly accessible. This also applies to videos.

Links

Our websites and apps may contain links to third-party content. This also applies to advertising content. If you click on these links, you leave our area of responsibility and liability as well as the scope of validity of this data protection declaration. Find out from the respective providers of the external content about their data protection practices in the respective data protection declarations.

Social Media Links/Social Plugins/Embedded Content

Articles on this website may contain embedded content (e.g. videos, images, articles etc.). Embedded content from other websites behaves exactly as if the visitor had visited the other website.

These websites may collect data about you, use cookies, embed additional third party tracking services, and record your interaction with that embedded content, including your interaction with the embedded content if you have an account and are logged in to this website.

Our websites contain links to our social media profiles on Facebook, Instagram, Twitter, YouTube and TikTok. We also use appropriate plugins to implement the integration of this content on our websites. By clicking on these links or on the content of the plugins, the respective providers may request data, including the IP address. Information on the handling of personal data when using these websites can be found in the respective data protection regulations of the providers:

• Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. Webseite: https://www.instagram.com; Datenschutzerklärung: https://instagram.com/about/legal/privacy)
• Smash Balloon Instagram Feed (https://smashballoon.com/privacy-policy/)
• Facebook (Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA. Webseite: https://www.facebook.com; Datenschutzerklärung: https://www.facebook.com/about/privacy)
• Twitter: https://twitter.com/en/privacy
• YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Datenschutzerklärung: https://policies.google.com/privacy)
• TikTok (musical.ly Inc., 10351 Santa Monica Blvd #310, Los Angeles, CA 90025 USA; Webseite: https://www.tiktok.com; Datenschutzerklärung: https://www.tiktok.com/de/privacy-policy)

Cookies

A cookie stores information about a user during or after their visit to an online offer. This includes, for example, the login status. In principle, you can call up our websites without cookies being set. The browser settings can also be selected so that cookies are rejected. For more information, contact the manufacturer/developer of your browser. Please note, however, that this may limit the functionality of our website.

However, if you leave a comment on our websites, you consent to saving your name, email address and website in cookies. This is a convenience feature so that when you write another comment, you don’t have to re-enter all of this information. These cookies are stored for one year.

If you have an account and you log in to our websites, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will set up some cookies to save your login information and viewing options. Login cookies expire after two days and display options cookies after one year. If you select „Keep me signed in“ when registering, your registration will be kept for two weeks. If you log out of your account, the login cookies will be deleted.

Comments

When you write comments on our websites, we collect the data shown in the comment form, as well as your IP address and user agent string (used to identify the browser) to help spam detection and for security reasons to identify illegal content.

An anonymized character string (also known as a hash) can be created from your email address and passed to the Gravatar service to check whether you are using it. You can find the privacy policy of the Gravatar service here: https://automattic.com/privacy/. After your comment has been approved, your profile picture will be publicly visible in the context of your comment.

Contact form

We use a contact form on our website, whereby the information provided by the user is processed to process the contact request and its processing in accordance with Article 6 (1) (b) GDPR.
The following personal data is transmitted when the contact form is sent:

• Name (required)
• E-mail address (required field)
• Subject
• Message

The transmitted contact form data is relevant for customer service and will be deleted after processing has been completed. We do not use this data for marketing purposes.

Newsletter

With your consent, we will send you newsletters to bring you news on specific topics. The registration for our newsletter takes place in a so-called double opt-in procedure, i.e. after registration you will receive an e-mail in which you have to confirm your registration. This confirmation is necessary so that nobody can register with a third-party e-mail address. We log the time of registration and the IP address and also store unsubscribed e-mail addresses for 3 years in order to meet the legal requirements for subsequent proof of your consent. We collect anonymous data about how our newsletter is used, e.g. which links have been clicked. You can revoke your consent at any time. You will find a link at the end of each newsletter with which you can unsubscribe/terminate the newsletter.

Service Provider: Mailchimp – Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA; Website: https://mailchimp.com. Privacy Policy: https://mailchimp.com/legal/privacy/.

Privacy for minors

Our service is aimed at users over the age of 18, so we do not collect any data from minors.

What rights you have to your data

If you have an account or have written comments on our website or one of the apps, you can request an export of your personal data from us, including any data that you have shared with us. To protect this data, the data can only be exported if we can clearly prove your identity.
In addition, you can request the deletion of all personal data that we have stored about you. This does not include data that we are required to keep for administrative, legal or security reasons. You can change your data yourself in the app settings at any time or delete your account and thus your data. Please note that messages, images, video and voice recordings sent to other users of our service may be stored and backed up externally by those users. We then no longer have access to this data.
If you believe that the processing of your personal data violates the GDPR, please contact us.

How we protect your data

In accordance with the legal requirements (Art. 32 GDPR), we take appropriate technical and organizational measures within the scope of our possibilities in order to achieve an appropriate level of protection. Sensitive data such as passwords are stored and transmitted in encrypted form. The data traffic between your browser and our server is also encrypted. You can recognize encrypted connections by the prefix https:// in the address bar of your browser.

What measures we offer in the event of data breaches

In the event of a data leak or unauthorized, malicious access to your personal data stored on our servers, you as a user/customer will be informed of the nature and extent of the compromise as early as possible. We take appropriate measures to prevent such a case. If you feel that your account or account information is no longer secure, please contact us at www.heppymedia.com/kontakt.

Bug bounty program

For discovering security gaps in our software/our services and reporting these security gaps to us, we agree to reward the finder appropriately. Please contact us at https://www.heppymedia.com/kontakt.

What automated decision-making and/or profiling we perform with user data

We use services such as Google Analytics that use automated decision-making, e.g. for collecting your data for an advertising profile.

Consent/Revocation

By creating and completing the registration of a user account on our websites or in our apps, you consent to the collection, processing and storage of data on the basis of this data protection declaration and our terms of use. In accordance with Art. 7 Para. 3 GDPR, you can revoke your consent to this at any time by deleting your user account in the app settings. Deleting the app is not sufficient for this.

Data disclosure

You have the right to information about your personal data stored by us at any time. Write us an email to: datenschutz@heppymedia.com.

Contact

If you have any questions about data protection or complaints about this data protection declaration, please contact us by email at: datenschutz@heppymedia.com.

If your complaint is not resolved by contacting us, you have the right to lodge a complaint with your local data protection supervisory authority.

If you have any questions about the app or your user account, or if you have problems, feedback, suggestions for improvement or requests, you can contact us here: www.heppymedia.com/kontakt.