The operator takes the protection of your data seriously and adheres to data protection laws. These laws protect natural persons in the processing of personal data. Personal data is any information that relates to an identified or identifiable natural person. Such data will only be processed to the extent necessary for contract execution or to provide and improve the platform. The contract will only be processed if you initiate or conclude a contract with the operator; in this respect, reference is additionally made to the operator’s Terms and Conditions. Data shall only be processed for the purpose of provision and improvement insofar as this is indicated below or in a separate declaration of consent, if it is ordered by the authorities or a court or otherwise prescribed by law. The data are only processed by the operator or by the operator’s processor in the Member States of the European Union (EU) or the European Economic Area (EEA). In particular, therefore, servers used by the data-processing operator are located in the Member States of the EU or the EEA. Data are generally not transmitted to third countries or an international organisation.
Your data are processed either based on a form or form-independently. Data processed on the basis of a form are such data that you specify in a form on the platform or that you transfer to our servers when you upload a profile picture. Form-independent data are such data that are transmitted when you visit the platform, even if you do not specify this in a form.
The data you provide in a form on the platform will be processed when the form is used, including after submission of the form. The same applies to profile photos that you upload to your account. In particular, this may be data for establishing contact, subscribing to a newsletter, comments on the platform and, as far as you are a customer of the operator, data relating to a customer account. Personal data that you send via a form provided for this purpose are always transmitted to the operator’s server in encrypted form.
a) User account
On naughtysecret.co.uk, you can set up a user account by specifying your email address. In this regard, data specified during account setup and possibly later via the forms in your customer account, especially your date of birth, your profile information including height, figure, weight, hair colour, relationship status, information about your interests (etc.), will be stored on the operator’s servers and displayed to other users as long as they have the gender specified in your search profile. We will regularly send you up-to-date information about your user account, especially partner suggestions and messages about contact attempts by other users, to the email address you have provided. You can view the stored data at any time via your customer account and correct or complete it using the forms in the settings. Of course, you can also personally contact the operator, for example by email to the address mentioned above. The same applies for the deletion of your customer account. However, your address and order data can only be deleted if they are no longer required for the execution of the contract and do not conflict with statutory retention requirements; the processing of your data is thus restricted, in particular, your customer account shall be blocked.
b) Contact between users
As a user of a paid premium account, you can contact other users via your user account. This can be done either via the function "Flirt" or by sending a personal message via the internal messaging system. The metadata from such contacts, i.e. your data as the sender, the data of the recipient, the type of contact and, if applicable, the content of the message you send, will be stored at the time the form is sent. In addition, your profile information, how you are contacted, the time and, if applicable, the content of the message you send, will be displayed to the relevant recipient, provided that they are users with a paid premium account. Your email address will not be published. In addition, your IP address is saved in order to prevent misuse of the contact function (e.g. spam).
c) Contact form
If you contact the operator by means of a form, the data you enter in the contact form will be encrypted and sent to the operator in an email via the operator’s server. This can include, for example, your query, your name, your email address and further contact details. No further automated processing of your personal data will take place. The data will only be used to process your request. Answers are generally sent by encrypted email, provided your email service provider supports this. The same applies if you contact the operator by email to an address stated on the platform instead of using a contact form. After your query has been processed, the personal data you entered in the contact form or in an email to the operator will be deleted. This does not apply if the data are still required for the execution of the contract, for evidence purposes or in the event of a conflict with statutory retention requirements; however, the processing of your data will be restricted until then.
Data required by the operator for the provision or improvement of the platform are processed form-independently. These may in particular include cookies, your IP address and statistical data. As far as technically possible, personal data are also generally encrypted for form-independent processing.
The platform uses so-called cookies. These are small text files or simple entries in a database that your browser stores. The data in the cookies can only be read by the platform that saved them. Cookies are used to make web pages more user-friendly and secure. Cookies containing personal data are only stored or read via an encrypted connection. The platform uses so-called session cookies. Such cookies can be used, for example, to ensure that no other user can access the data you provided in a form or stored in any customer account. Session cookies are deleted after each visit to the platform, such as when you close your browser. These data will not be processed or disclosed to third parties for any other purpose. The cookies used by the platform do not harm your device (e.g. computer / tablet); in particular, they contain no viruses. You can prevent the storage of cookies via a corresponding setting in your browser; in this case, you may not be able to use all features of the platform. The same applies for the deletion of stored cookies.
b) Web analysis
You can also prevent data collection by Google Analytics by clicking on the following link. In this case, no browser plug-in will be downloaded and installed, but an opt-out cookie will be set to prevent the collection of your data when you visit the platform:
c) Access log
In order to ensure the security and functionality of the platform (e.g. defence against attacks), an access log (log file) is created on the operator’s server. The log stores data about access to the platform. These data are transferred to the platform when your browser connects to it. This includes your IP address, which is truncated before being stored, the time of access, which address (URL) was accessed, whether the access was successful and how large the data transmitted by the server was. If your browser transmits the respective data, the previous address (referrer) as well as information about your operating system and browser (e.g. version) will also be saved; if required, you can prevent the transmission of these data via the settings of your browser. The log files are deleted at regular intervals, at the latest by the end of the next calendar month. The log files may be evaluated statistically beforehand. The logged data are stored separately from other data you leave on the platform and will not be merged with them. They will not be disclosed to third parties and will not be used for any other purpose. The statistical evaluation of the log files does not allow any identification of your person.
d) Social networks
e) Google reCAPTCHA
We use the reCAPTCHA feature of Google on our websites. This function is used to distinguish whether an input is made by a natural person or is abusive i.e. made by a machine or automated processing. The service includes sending the IP address and possibly other data required by Google for the reCAPTCHA service to Google.
The legal regulations for data protection can be found in particular in the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG). However, as of May 25, 2018, the General Data Protection Regulation (GDPR) will prevail. If you have expressly consented to the processing of your data, this is also the legal basis for the processing of the data for the purposes for which you have consented (Article 6 par. 1 a GDPR). Insofar as data processing is necessary for the performance or initiation of a contract, this constitutes the legal basis (Article 6 par. 1 b GDPR). These include contracts concluded via the platform or initiated at your request, in particular for the use of our online dating platform. Moreover, the legal basis of data processing is the preservation of the legitimate interests of the operator (Article 6 par. letter f GDPR). This concerns the economic interest in the operation of the platform, in particular in the mediation of personal contacts. There is no automated decision-making, including profiling, within the meaning of Art. 22 GDPR.
If you are concerned about the processing of your personal data, you have rights against the data controller under the data protection regulations. You can contact the operator at any time to enforce these rights, for example by email to the address mentioned above. The same applies to other questions about data protection by the operator. In addition to the operator, the operator’s data protection officer is also at your disposal: Attorney Daniel Raimer from the law office Daniel Raimer in Düsseldorf; the data protection officer’s contact details can be found in their Imprint.
a) Right of revocation
Pursuant to Art. 7 para. 3 GDPR, you have the right to revoke your consent to data processing at any time. Revocation of consent does not affect the legality of the processing carried out on the basis of the consent before revocation.
b) Right of objection
Pursuant to Art. 21 GDPR, you have the right to object to the processing of your personal data at any time. This applies in particular to an objection to the processing for the purpose of direct advertising.
c) Right to complain
Pursuant to Art. 77 GDPR, you have the right to complain to a supervisory authority if you believe that the processing of your personal data violates legal provisions. This right is without prejudice to any other administrative or judicial remedy.
d) Right of access
Pursuant to Art. 15 GDPR, you have the right to request information from the operator. In particular, your right of access includes the right to a copy of your processed personal data, in addition to any other information that you may already obtain, in particular information contained in this policy. Furthermore, the restrictions under § 34 BDSG also apply with regard to right of access.
e) Right to rectification
Pursuant to Art. 16 GDPR, you have the right to demand the correction of any incorrect personal data concerning you by the operator without delay. In addition, with regard to the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.
f) Right to deletion
Pursuant to Art. 17 GDPR, you have the right to demand the deletion of personal data concerning you by the operator. If these data do not require deletion thereafter, you may demand the restriction of further processing. In addition, the restrictions according to § 35 BDSG apply to the right to deletion. The right to deletion includes the so-called right to be forgotten.
g) Right to restriction
Pursuant to Art. 18 GDPR, you have the right to require the operator to restrict the processing of your personal data. Apart from their storage, these data may then generally no longer be processed.
h) Right to data portability
Pursuant to Art. 20 GDPR, you have the right to transfer personal data concerning you, which you have provided to the operator. Your right to deletion remains unaffected.
i) Notification obligation
Pursuant to Art. 19 GDPR, the operator informs all recipients to whom your personal data have been disclosed of any correction or deletion of these data or any restriction in their processing unless this proves to be impossible or involves a disproportionate effort. The operator will inform you about such recipients, if you request it.
The operator shall take appropriate technical and organisational measures to ensure that the processing of data is conducted in accordance with the law, taking into account the nature, scope, circumstances and purposes of the processing and the different likelihood and severity of the risks to your rights and freedoms. Only those persons (employees) subject to the operator who need this for the performance of their duties will have access to personal data, and only to the extent required. The operator’s employees are instructed in advance in the data processing and committed to secrecy. Compliance with data protection regulations is regularly reviewed and the measures updated if necessary.