Privacy policy.

A. About Flock and Lifetap Flock is a product of Lifetap, which is an artificial intelligence and recommendation portal (hereinafter 'Portal’) connecting activities (hereinafter ‘Activities’) and prospective users (hereinafter 'user') worldwide. Users can obtain information from the app and find the most personalized activity. The portal therefore features various functions to display contents, ask recommendations, and for users to organize groups to get recommendations and chat via the portal. In line with the portal and its services personal data of users is processed in this context. Below we would like to explain in detail how your data is handled in line with the portal. B. Processing of personal data I. General information about processing 1. Terms The following explanation uses the following terms, among others: Activities: Various social and indoor entertainment and relaxing tasks a user can perform at a given instant. User: Persons with a registered account to use the portal, using the portal in connection with a user relationship based on the terms of use of the controller to obtain information and inquire about the activities on the portal. 2. Website and Apps service provider Within the scope of hosting and maintaining our website and apps and the respective IT systems our select service providers may, in strict compliance with the relevant data protection regulations, receive the data collected on the website and the apps. This is based on data processing contracts under which the carefully selected service providers are bound by contract and we remain the controller with respect to data processing. II. Visiting the portal and contact 1. Visiting our portal 1.1. Description of data processing When visiting our portal (websites under Lifetap-ai.com, Flockapp.fun or other domains and the mobile apps under LifeTap GmbH), the browser being used on your device and the lifetap mobile app automatically transmits information to the server hosting our portal. The following information is collected in the process: ● Geo coordinates - If permission is granted during the signup in the app ● Date and time visited ● Information about the browser/app type and the version used ● Operating system ● Username and firebase authentication token - App only This data is further saved to our system’s so-called log files. This data is not stored together with other personal data. It is also not shared with third parties. 1.2. Purpose of data processing The system temporarily storing the geo coordinates is necessary to enable delivery of recommendations in the apps. This requires storing the geo coordinates for the duration of the session. The data is saved to log files to ensure the functionality of the apps. The files further serve optimizing the website and apps and to ensure our IT systems are secure. 1.3. Legal basis for processing The legal basis for temporary data storage and saving to log files is Article 6(1)(f) DSGVO. The required legitimate interest in data processing is the processing purposes specified under Item 1.2. 1.4. Duration of processing/erasure of data Data is erased as soon as it is no longer required for the purposes for which they were collected, or if processing is no longer required. With respect to data collection and storage to provide the website and apps this is the case when the respective session has ended. For data saved to log files this is at the latest three months from the time it was collected. 1.5. Right to object According to Article 21 DSGVO you have the right to object to data being processed according to Item 1.1 at any time for reasons arising from your particular situation. This data will then no longer be processed unless we can verify compelling sensitive reasons for processing which override your interests, rights and freedoms if processing is necessary to establish, exercise or defend legal claims. The visitor can contact us to exercise this objection, especially by e-mailing privacy@lifetap-ai.com. If the objection is legitimate, the data will be erased. 2. Contact form and e-mail contact 2.1. Description and scope of data processing When using our contact form the data entered in the input screen is transmitted to us and stored. When submitting your message we will obtain your consent to data processing, referencing this privacy policy. We can further be contacted using the specified e-mail address. In this case the visitor’s personal data transmitted by e-mail will be stored. The data is only used to process the respective request. Data will not be shared with third parties in this context. With respect to the contact form and e-mail inquiries we use service providers (processors) located in Germany. These are certified under the EU-US Privacy Shield. Based on this agreement between the USA and the European Commission, the latter established an appropriate level of data protection for Privacy Shield certified companies. 2.2. Purpose of data processing Personal data from the input screen or your e-mail is only used to process your inquiry. When contacting us by e-mail this also constitutes the necessary legitimate interest in processing the data. Other personal data transmitted during the send process will be processed for the purpose of preventing misuse of the contact form and to protect our IT systems. 2.3. Legal basis for data processing The legal basis for processing the data with the visitor’s consent (for inquiries using the contact form) is Article 6(1)(a) DSGVO. The legal basis for processing data transmitted by sending an e-mail is Article 6(1)(f) DSGVO. If the e-mail is for the purpose of entering into a contract, the additional legal basis for processing is Article 6(1)(b) DSGVO. 2.4. Duration of processing The data will be erased as soon as it is no longer required for the purposes for which it was originally collected. With respect to personal data from the input screen in the contact form and those transmitted by e-mail, this is when the respective conversation or inquiry with the visitor is completed. The conversation is completed when circumstances indicate the respective matter has been conclusively resolved. 2.5. Right to object or withdraw consent The visitor may at any time withdraw his consent to the processing of personal data provided when using the contact form. The withdrawal of consent does not apply to data processed prior to withdrawing the consent. If the visitor contacts by e-mail, he may object to his personal data being stored at any time according to Article 21 DSGVO. In this case the conversation cannot be continued. The visitor can especially submit his objection or withdraw his consent by e-mailing privacy@lifetap-ai.com. In these cases the data saved in line with contacting us will be erased. III. Registration and profiles 1. Registering with Lifetap 1.1. Description and scope of processing All services and functions of our portal require registering as a user. This requires the following access information: ● E-mail address ● Password When submitting your registration the following data (log file data) will also be stored: ● The user’s geo coordinates ● Date and time Without the above data we are unable to enter into or implement a contract. This data – except log file data – is entered in the respective input screen. All data is saved by us and processed for the purpose of entering into and implementing the user contract to use the services or functions of the portal. E-mail address and password, accepting the terms of use and privacy policy, and log file data are not public on the portal and are not shared with third parties. With respect to implementing the contract the e-mail address is specifically also processed for the purpose of sending the user messages or notifications related to the functions of the portal. If the user registers with his Facebook or Google account, we will receive the respective e-mail address directly from Facebook. In this case the controller does not prompt for a password. Please also note Facebook and Google’s privacy policy in this context. 1.2. Purpose of processing The data collected during registration is processed for the purposes of implementing functionalities the user use in the portal or its services and functions. The log file data is further also used to prevent misuse of the registration and to ensure our IT systems are secure. 1.3. Legal basis for processing The legal basis for processing login data collected during registration is Article 6(1)(b) DSGVO. 1.4. Duration of processing After completing implementation of the user contract to use the services on the portal or erasing the user profile the data will be erased or processing restricted if it is subject to file retention periods under commercial and tax law. The data will be erased at the end of the statutory retention periods at the latest unless the user has expressly consented to further use of the data. 2. User profile information 2.1 Description and scope of processing In line with using the portal the users create a user profile. When creating this profile the required information collected and stored is the email, user name, photo, personality and demographic data like gender, age, relationship status. We will also collect and save additional optional information from the user as indicated in the respective input screen. At the time the profile information is saved, the following non-public data (log file data) is also collected: ● The user’s geo coordinates - if user has accepted the location permission ● Date and time 2.2 Purpose of processing The data collected during registration is used for the purpose of implementing the user contract and to use the app with all its services and functions. The log file data is further used to prevent misuse of the registration and to ensure our IT systems are secure. 2.3 Legal basis for processing The legal basis for processing the professional’s data is Article 6(1)(b) DSGVO. 2.4 Duration of processing After completing implementation of the user contract to use the portal service or after deleting your user profile your data will be deleted or processing restricted if required based on retention periods under tax and commercial law. The data will be erased at the end of the statutory retention periods at the latest unless the user has expressly consented to further use of the data. IV. Adding contents 1. Adding personality 1.1. Description and scope of processing The portal allows users to enter their personality traits so that they can receive personalized recommendations of activities. The personality profiles of users are private on the portal. With respect to creating the personality traits profile we use service providers (processors) located in the EU to host any personality data provided by the user. 1.2. Purpose of processing The user's personality data is processed for the purpose of implementing the functions on the portal in line with the user matching with the activities. 1.3. Legal basis for processing The legal basis for processing user data is Article 6(1)(b) DSGVO. 1.4. Duration of processing The user may at any time delete his profile. In this case, or at the latest after completing implementation of the user contract to use the portal service or after deleting your user profile your data will be deleted or processing restricted if required based on retention periods under tax and commercial law. The data will be erased at the end of the statutory retention periods at the latest unless the user has expressly consented to further use of the data. V. Comments and reviews 1. Reviews 1.1. Description and scope of processing Users are able to review the recommended activities. These reviews are intended for gather feedback about the recommended activities and to receive assistance on matters related to the respective activities. The user adds his review using the respective input screen. Apart from this the review data is not shared with third parties. 1.2. Purpose of processing The review function is intended for making the recommendations more personalized and to promote interaction between users and the recommended activities. The review function further serves the needs of users to obtain information about individual contents or receive assistance with their matters. This processing therefore serves the functions provided in the portal in line with the user relationship and used by the user. 1.3. Legal basis for processing The legal basis for processing user data is Article 6(1)(b) DSGVO. 1.4. Duration of processing The user cannot modify his review. The history of reviewed activities can be deleted any time, which will delete the associated user attributes from the review. VII. Cookies, analytics and other third-party services 1. Cookies 1.1. Description and scope of processing The portal uses cookies. These are small text files the browser on your device stores to your device which provide the entity which added the cookie with information. We use these cookies to make the visit to our portal appealing, to enable use of certain functions, and to enable us to show you products tailored to you. Some of the cookies used in connection with the portal are deleted at the end of the respective session, so after closing your browser (so-called session cookies). Other cookies, however, remain on your device after closing the session and allow us to recognize your browser when you return to portal (persistent cookies). You can see how long the respective cookies are stored in the list under your browser’s cookie settings. You can further configure your browser to be notified before cookies are added and decide whether to accept the cookie, or block certain or all cookies. Please refer to the respective cookie settings for your browser. However, please note that blocking cookies may limit the functionality of our portal. The cookies used also collect data about your browsing behavior on our portal. However, technical measures are in place to pseudonymize the data collected. The data therefore can no longer be matched with the respective user. 1.2. Purpose of data processing The purpose of processing is for one to make the website easier for the user to navigate. In addition, some functions on our portal cannot be offered without the use of cookies. These further require being able to recognize the browser after switching pages. Cookies are used for analysis purposes to improve the quality and contents of our website. These analysis cookies provide us with information about the use of the website and the apps so we can continue to improve our service. The above purposes also constitute our legitimate interest in data processing according to Article 6(1)(f) DSGVO. 1.3. Legal basis for processing The legal basis for data processing through cookies is Article 6(1)(f) DSGVO. 1.4. Duration of processing The cookies are saved to your device and transmitted to our portal. The respective user is therefore in complete control of the use of cookies. You can block or restrict the use of cookies by changing the cookie settings in your internet browser. Cookies which were previously saved to your device can be deleted at any time. This can also be done automatically. However, when blocking cookies for our website you may not be able to make full use of all functions of the portal. 2. Firebase and Google Analytics 2.1. Description and scope of processing We also use Firebase and Google Analytics on our portal for web and app analysis purposes. This is an analysis service provided by Google LLC (www.google.com). Google Analytics uses methods which enable analyzing how the respective user uses our portal. This allows us to optimize our service and tailor it to the needs of the users. The information about your use of this website which the cookie collects automatically is typically transmitted to a Google server in the USA, where it is then stored. IP anonymization is enabled on our portal, which truncates the IP address prior to transmission within member states of the European Union or in other states party to the Agreement on the European Economic Area. The full IP address will only be transmitted to a Google server in the USA and truncated there in exceptions. The anonymous IP address transmitted by your browser in line with Google Analytics is never merged with other Google data. Google LLC is headquartered in the USA and is certified under the EU-US Privacy Shield. Based on this agreement between the USA and the European Commission, the latter established an appropriate level of data protection for Privacy Shield certified companies. 2.2. Purpose of processing The purpose of processing is to analyze browsing behavior to optimize the service and to tailor our portal to the needs of the users. This also constitutes our legitimate interest according to Article 6(1)(f) DSGVO. 2.3. Legal basis for processing The legal basis for data processing in line with web and app analysis is Article 6(1)(f) DSGVO. 2.4. Duration of processing, objection or removal If the purpose no longer applies and we no longer use Google Analytics the data collected in this context will be erased. You can prevent the data about your use of the website generated by the cookie (including your IP address) from being transmitted to Google and processed by Google by downloading and installing the browser plugin: http://tools.google.com/dlpage/gaoptout 3. Hotjar web analysis 3.1 Description and scope of processing Our portal will use Hotjar for web analysis. This is an Analysis service provided by Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe. Hotjar allows us to log and analyze the browsing behavior on our website. In addition to information relate to browsing behavior, it collects information about the operating system, the internet browser, incoming or outgoing links, the geographic origin, and information about the device being used. Hotjar can further obtain direct feedback. The data is processed anonymously. For more information please visit Hotjar at https://www.hotjar.com/privacy. You can further block web analysis using Hotjar. By clicking the link https://www.hotjar.com/opt-out your browser will store a cookie on your device which prevents further analysis. Please note, after deleting cookies on your device you will need to click the link again. 3.2 Purpose of processing The purpose of processing is to analyze browsing behavior to optimize the service and to tailor our portal to the needs of the users. This also constitutes our legitimate interest according to Article 6(1)(f) DSGVO. 3.3 Legal basis for processing The legal basis for data processing in line with web and app analysis is Article 6(1)(f) DSGVO. 3.4 Objection / removal You can prevent web analysis through Hotjar at any time. By clicking the link https://www.hotjar.com/opt-out your browser will store a cookie on your device which prevents further analysis. Please note, after deleting cookies on your device you will need to click the link again. 4. Google AdWords with conversion tracking 4.1 Description and scope of processing Our portal uses Google AdWords along with so-called conversion tracking (Google AdWords) to analyze our marketing efforts. This is a service provided by Google LLC (www.google.com). When clicking on an ad placed by Google a conversion tracking cookie is added to your device. These cookies are temporary and contain no personal data. They can therefore not be used to identify the user. When visiting our website and the cookie is still valid, both we and Google can determine you clicked the respective Google ad and as a result visited our website. The information collected through conversion tracking are used to compile so-called conversion statistics. This provides us with information about the total number of users who have clicked on one of our ads and were redirected to a page with a conversion tracking tag. It does not enable identifying the user. For more information please refer to the Google privacy policy: ( https://policies.google.com/privacy Google LLC is headquartered in the USA and is certified under the EU-US Privacy Shield. Based on this agreement between the USA and the European Commission, the latter established an appropriate level of data protection for Privacy Shield certified companies. 4.2 Purpose of processing Processing serves the purpose of analyzing and optimizing of our marketing efforts, thus also the effective operation of our portal. This also constitutes our legitimate interest according to Article 6(1)(f) DSGVO. 4.3 Legal basis for processing The legal basis for processing is Article 6(1)(f) DSGVO. 4.4 Objection / removal You can prevent cookies from being saved and your browsing behavior being analyzed at any time by configuring your browser settings accordingly. However, please note that in this case you may not be able to make full use of all functions of the portal. You can also disable customized ads in the Google advertising settings. For instructions please visit https://support.google.com/ads/answer/2662922 . Controller, contact information and rights of the data subject. When your personal data is processed, you are the data subject as defined by DSGVO and have the following rights against us, the controller (unless already disclosed above under D in connection with the respective processing of your data): I. Controller name, address and contact information The controller as defined by the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations with respect to processing personal data related to this portal is: LifeTap GmbH Wilhelm-Caspar-Wegely Platz 9, 10623 Berlin Deutschland E-Mail: privacy@lifetap-ai.com Website: www.lifetap-ai.com II. Data protection officer contact information The data protection officer for the controller can be contacted at: Fabio Molinari UG Wilhelm-caspar-wegely Platz 9, 10623, Berlin Deutschland E-Mail: molinarifabio15 [at] gmail [dot] com III. Rights of data subjects 1. Right of access According to Article 15 DSGVO you can request the controller to confirm whether we process personal data concerning you. If your personal data has been processed, you can request to be informed of the following: (1) the purposes for which the personal data is processed; (2) the categories of personal data, which are processed; (3) the recipients or categories of recipients, to whom your personal data was disclosed or will be disclosed; (4) the planned duration of the storage of your personal data or, if specific information is not available here, criteria for determining the duration of storage; (5) the existence of a right to rectification or erasure of your personal data, a right to the restriction of processing by the controller or a right to object to such processing; (6) the existence of the right to file a complaint with a supervisory authority; (7) all available information on the source of the data if the personal data is not collected from the data subject; (8) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. You have the right to request information on whether or not your personal data is transmitted to a third country or an international organization. In this context, you can request being informed about the appropriate guarantees in accordance with Article 46 of the GDPR in connection with the transmission. 2. Right to rectification According to Article 16 DSGVO you have the right to request the controller to rectify your data if the personal data processed concerning you is incorrect or incomplete. The controller must make the correction without delay. 3. Right to restriction of processing According to Article 18 GDPR you can request a restriction of the processing of your personal data under the following conditions: (1) if you contest the accuracy of the personal data for a period enabling the controller to verify the accuracy of the personal data; (2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; (3) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims, or (4) you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject. Where processing of your personal data has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If processing was restricted according to the preceding conditions, you will be informed by the controller before the restriction is lifted. 4. Right to erasure 4.1 Obligation to erase You can request the controller to immediately erase your personal data and the controller is obligated to immediately erase said data, provided that one of the following reasons applies: (1) Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed. (2) You revoke your consent, which was based on processing in accordance with Article 6(1)(a) DSGVO or Article 9(2)(a) DSGVO, and where there is no other legal basis for processing. (3) You object to processing in accordance with Article 21(1) DSGVO and there are no overriding legitimate grounds for processing, or you object to processing according to Article 21(2) GDPR. (4) Your personal data was processed illegally. (5) Your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject. (6) Your personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR. 4.2 Disclosure to third parties If the controller publicized your personal data and is obligated to erase it in accordance with Art. 17 sec. 1 of the GDPR, the controller will take appropriate measures taking the available technology and implementation costs into account, including technical means, to inform data controllers, which process the personal data, that you have requested them to erase all links to this personal data or copies or replications of this personal data. 4.3 Exceptions This right to erasure specifically does not apply if processing is required (1) to exercise the right to freedom of expression and information; (2) to fulfill a legal obligation required by the law of the European Union or the Member States, which the controller is subject to or to carry out a task in the public interest or is carried out in exercising official authority, which was delegated to the controller; (3) for reasons of public interest in the field of public health in accordance with Article 9(2)(h) and (i) as well as Article 9(3) of the GDPR; (4) to assert, exercise or defend legal claims. 5. Right to information If you asserted the right to rectification, erasure or restriction of processing with the controller, according to Article 19 GDPR the controller is obligated to notify all recipients, to which your personal data was disclosed, of this correction or erasure of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort. You have the right to request the controller to inform you of these recipients. 6. Right to data portability Under Article 20 GDPR you have the right to receive the personal data you provided to the controller in a structured, prevalent and machine-readable format. You also have the right to transfer this data to another controller without any hindrance by the controller the personal data was made available to, provided that (1) the processing is based on consent in accordance with Article 6(1)(a) DSGVO or Article 9(2)(a) DSGVO or on a contract in accordance with Article 6(1)(b) DSGVO and (2) processing is conducted using automated procedures. In exercising this right, you also have the right to initiate that your personal data is directly transmitted to another controller by a controller, insofar as this is technically feasible. The freedoms and rights of other persons can not be affected by this. The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or which takes place in exercising official authority, which was delegated to the controller. 7. Right to file a complaint with a supervisory authority Without prejudice to any other administrative or judicial remedy, according to Article 77 GDPR you have the right to file a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR. The supervisory authority the complaint was filed with must inform the complainant of the status and results of the complaint including the possibility of a judicial remedy in accordance with art. 78 of the GDPR. D. Data security To ensure your data is secure we use the commonly used SSL protocol (Secure Socket Layer) on our website in conjunction with the highest level of encryption supported by your browser. This is typically 256 bit encryption. If your browser does not support 256 bit encryption, we will instead use 128 bit v3 technology. You can determine whether a specific page on our website is encrypted by the closed padlock icon in your address bar of your browser.