Privacy Policy

This privacy policy applies to the processing of your data, including your personal data, via the internet page "naughtysecret.co.uk" including all its subpages (platform). date4friend AG, Bahnhofstrasse 16, 6300 Zug, Switzerland (operator) is responsible for data processing. The operator can be reached via the customer support system provided. Full contact details can be found in the Imprint. The platform serves the operation of an online dating portal. You can retrieve the content of this policy at any time via the subpage of the same name on the platform, and also save or print it using the corresponding function of your browser.


1. Preliminary remarks

The operator takes the protection of your data seriously and adheres to data protection laws. These laws protect natural persons in the processing of personal data. Personal data is any information that relates to an identified or identifiable natural person. Such data will only be processed to the extent necessary for contract execution or to provide and improve the platform. The contract will only be processed if you initiate or conclude a contract with the operator; in this respect, reference is additionally made to the operator’s Terms and Conditions. Data shall only be processed for the purpose of provision and improvement insofar as this is indicated below or in a separate declaration of consent, if it is ordered by the authorities or a court or otherwise prescribed by law. The data are only processed by the operator or by the operator’s processor in the Member States of the European Union (EU) or the European Economic Area (EEA). In particular, therefore, servers used by the data-processing operator are located in the Member States of the EU or the EEA. Data are generally not transmitted to third countries or an international organisation.


2. Data processing

Your data are processed either based on a form or form-independently. Data processed on the basis of a form are such data that you specify in a form on the platform or that you transfer to our servers when you upload a profile picture. Form-independent data are such data that are transmitted when you visit the platform, even if you do not specify this in a form.


2.1 Form-based data processing

The data you provide in a form on the platform will be processed when the form is used, including after submission of the form. The same applies to profile photos that you upload to your account. In particular, this may be data for establishing contact, subscribing to a newsletter, comments on the platform and, as far as you are a customer of the operator, data relating to a customer account. Personal data that you send via a form provided for this purpose are always transmitted to the operator’s server in encrypted form.

a) User account

On naughtysecret.co.uk, you can set up a user account by specifying your email address. In this regard, data specified during account setup and possibly later via the forms in your customer account, especially your date of birth, your profile information including height, figure, weight, hair colour, relationship status, information about your interests (etc.), will be stored on the operator’s servers and displayed to other users as long as they have the gender specified in your search profile. We will regularly send you up-to-date information about your user account, especially partner suggestions and messages about contact attempts by other users, to the email address you have provided. You can view the stored data at any time via your customer account and correct or complete it using the forms in the settings. Of course, you can also personally contact the operator, for example by email to the address mentioned above. The same applies for the deletion of your customer account. However, your address and order data can only be deleted if they are no longer required for the execution of the contract and do not conflict with statutory retention requirements; the processing of your data is thus restricted, in particular, your customer account shall be blocked.

b) Contact between users

As a user of a paid premium account, you can contact other users via your user account. This can be done either via the function "Flirt" or by sending a personal message via the internal messaging system. The metadata from such contacts, i.e. your data as the sender, the data of the recipient, the type of contact and, if applicable, the content of the message you send, will be stored at the time the form is sent. In addition, your profile information, how you are contacted, the time and, if applicable, the content of the message you send, will be displayed to the relevant recipient, provided that they are users with a paid premium account. Your email address will not be published. In addition, your IP address is saved in order to prevent misuse of the contact function (e.g. spam).

c) Contact form

If you contact the operator by means of a form, the data you enter in the contact form will be encrypted and sent to the operator in an email via the operator’s server. This can include, for example, your query, your name, your email address and further contact details. No further automated processing of your personal data will take place. The data will only be used to process your request. Answers are generally sent by encrypted email, provided your email service provider supports this. The same applies if you contact the operator by email to an address stated on the platform instead of using a contact form. After your query has been processed, the personal data you entered in the contact form or in an email to the operator will be deleted. This does not apply if the data are still required for the execution of the contract, for evidence purposes or in the event of a conflict with statutory retention requirements; however, the processing of your data will be restricted until then.

d) Newsletter

The operator gives you the option to receive a newsletter by email. In order for you to receive such a newsletter, the operator needs your email address. In addition, the operator needs further data to verify that you agree to the newsletter subscription as the owner of the specified address. For this purpose, the operator uses the so-called Double-Opt-In procedure (DOI). This means that after registration, you will receive an email with an individual link which you can use to confirm your registration (confirmation link). Only after confirmation will you receive the newsletter. For the DOI, its verification and the prevention of misuse, the time and the IP address of the registration and confirmation as well as the confirmation link are stored in addition to your email address. No further data will be processed. The data shall only be processed in order to be able to offer and send the newsletter. As a rule, the data relating to you will not be disclosed to third parties. The operator can, however, use a mail service provider who processes the data on their behalf in accordance with the statutory provisions and the specifications of this privacy policy, and the mail service is thus not a third party. To unsubscribe from the newsletter, you can use the corresponding link in one of the newsletters (unsubscribe link) or contact the operator personally, for example by email to the address mentioned above. Unsubscribing from the newsletter also revokes your consent to the newsletter subscription and the required data processing. If you unsubscribe from the newsletter or do not complete the DOI within two weeks, your data will be deleted unless they are still required to verify a DOI or to prevent misuse; however, the processing of data is limited. Newsletter subscription is processed via an encrypted connection. Furthermore, the newsletter is sent in encrypted form, provided your mail service provider supports this.


2.2 Form-independent processing

Data required by the operator for the provision or improvement of the platform are processed form-independently. These may in particular include cookies, your IP address and statistical data. As far as technically possible, personal data are also generally encrypted for form-independent processing.

a) Cookies

The platform uses so-called cookies. These are small text files or simple entries in a database that your browser stores. The data in the cookies can only be read by the platform that saved them. Cookies are used to make web pages more user-friendly and secure. Cookies containing personal data are only stored or read via an encrypted connection. The platform uses so-called session cookies. Such cookies can be used, for example, to ensure that no other user can access the data you provided in a form or stored in any customer account. Session cookies are deleted after each visit to the platform, such as when you close your browser. These data will not be processed or disclosed to third parties for any other purpose. The cookies used by the platform do not harm your device (e.g. computer / tablet); in particular, they contain no viruses. You can prevent the storage of cookies via a corresponding setting in your browser; in this case, you may not be able to use all features of the platform. The same applies for the deletion of stored cookies. For more information, please see our Cookie Policy

b) Web analysis

The platform uses Google Analytics, a web analytics service of Google LLC based in the US (Google). Google is certified under the Privacy Shield, an EU-US data protection agreement, and processes the analysis data on our behalf. Google Analytics also uses cookies to enable analysis of platform usage. The information generated by the cookie about your use of the platform is usually transmitted to a Google server in the US and stored there. However, we have activated IP anonymisation so that your IP address will be truncated within member states of the EU or other parties to the Agreement on the European Economic Area (EEA) before being transferred to the US. On our behalf, Google will process this information in order to evaluate your use of the platform, to compile reports on the activities on the platform and to provide us with other services related to the platform and internet usage. The IP address provided by your browser as part of Google Analytics will not be merged with other Google information. The cookie, and thus the reference to activities on the platform, will be deleted two months after your last visit. In addition, you may prevent the collection of cookie-generated and internet-related information (including your IP address) by Google and the processing of such data by Google by downloading and installing the browser plug-in available at the following link:

https://tools.google.com/dlpage/gaoptout?hl=en

You can also prevent data collection by Google Analytics by clicking on the following link. In this case, no browser plug-in will be downloaded and installed, but an opt-out cookie will be set to prevent the collection of your data when you visit the platform:

Disable Google Analytics

Of course, this requires that you do not prevent the storage of cookies or delete the opt-out cookie in your browser settings. For more information about Google Analytics data processing, see the Google Privacy Policy:

https://policies.google.com/privacy?hl=en

c) Access log

In order to ensure the security and functionality of the platform (e.g. defence against attacks), an access log (log file) is created on the operator’s server. The log stores data about access to the platform. These data are transferred to the platform when your browser connects to it. This includes your IP address, which is truncated before being stored, the time of access, which address (URL) was accessed, whether the access was successful and how large the data transmitted by the server was. If your browser transmits the respective data, the previous address (referrer) as well as information about your operating system and browser (e.g. version) will also be saved; if required, you can prevent the transmission of these data via the settings of your browser. The log files are deleted at regular intervals, at the latest by the end of the next calendar month. The log files may be evaluated statistically beforehand. The logged data are stored separately from other data you leave on the platform and will not be merged with them. They will not be disclosed to third parties and will not be used for any other purpose. The statistical evaluation of the log files does not allow any identification of your person.

d) Social networks

The platform enables the creation of links to Facebook, which is operated from Ireland by Facebook Ireland Limited for European users. However, such links are only made after you have pressed the Facebook button on the platform. Due to the processing of personal data by social networks, on which the operator has no influence, reference is made to the privacy policy of Facebook:

https://www.facebook.com/privacy/explanation

e) Google reCAPTCHA

We use the reCAPTCHA feature of Google on our websites. This function is used to distinguish whether an input is made by a natural person or is abusive i.e. made by a machine or automated processing. The service includes sending the IP address and possibly other data required by Google for the reCAPTCHA service to Google.

Additional information about Google reCAPTCHA and Google's privacy policy can be found at: https://policies.google.com/privacy.


3. Legal basis

The legal regulations for data protection can be found in particular in the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG). However, as of May 25, 2018, the General Data Protection Regulation (GDPR) will prevail. If you have expressly consented to the processing of your data, this is also the legal basis for the processing of the data for the purposes for which you have consented (Article 6 par. 1 a GDPR). Insofar as data processing is necessary for the performance or initiation of a contract, this constitutes the legal basis (Article 6 par. 1 b GDPR). These include contracts concluded via the platform or initiated at your request, in particular for the use of our online dating platform. Moreover, the legal basis of data processing is the preservation of the legitimate interests of the operator (Article 6 par. letter f GDPR). This concerns the economic interest in the operation of the platform, in particular in the mediation of personal contacts. There is no automated decision-making, including profiling, within the meaning of Art. 22 GDPR.


4. Your rights

If you have any questions about this privacy policy or wish to exercise your rights, please contact us. For this purpose, you can contact the operator directly at any time, e.g. by mail, at the address given in the imprint. In addition, the operator's data protection officer is also available to you: Mr. Daniel Raimer, lawyer, from the law firm Daniel Raimer in Düsseldorf; the contact details of the data protection officer can be found in his Imprint.

The representative of the operator in the EU is Ms. in Düsseldorf, Germany. The representative can be reached directly by e-mail and serves in the EU in addition to the operator as a point of contact for questions relating to the processing of personal data under GDPR. Please note that the representative and their contact email is only available for GDPR related queries. All other requests (e.g. cancellations, feedback on the product, etc.) will NOT be handled by our representative; please contact our customer service via support@mycustomercare.ch.

a) Right of revocation

Pursuant to Art. 7 para. 3 GDPR, you have the right to revoke your consent to data processing at any time. Revocation of consent does not affect the legality of the processing carried out on the basis of the consent before revocation.

b) Right of objection

Pursuant to Art. 21 GDPR, you have the right to object to the processing of your personal data at any time. This applies in particular to an objection to the processing for the purpose of direct advertising.

c) Right to complain

Pursuant to Art. 77 GDPR, you have the right to complain to a supervisory authority if you believe that the processing of your personal data violates legal provisions. This right is without prejudice to any other administrative or judicial remedy.

d) Right of access

Pursuant to Art. 15 GDPR, you have the right to request information from the operator. In particular, your right of access includes the right to a copy of your processed personal data, in addition to any other information that you may already obtain, in particular information contained in this policy. Furthermore, the restrictions under § 34 BDSG also apply with regard to right of access.

e) Right to rectification

Pursuant to Art. 16 GDPR, you have the right to demand the correction of any incorrect personal data concerning you by the operator without delay. In addition, with regard to the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.

f) Right to deletion

Pursuant to Art. 17 GDPR, you have the right to demand the deletion of personal data concerning you by the operator. If these data do not require deletion thereafter, you may demand the restriction of further processing. In addition, the restrictions according to § 35 BDSG apply to the right to deletion. The right to deletion includes the so-called right to be forgotten.

g) Right to restriction

Pursuant to Art. 18 GDPR, you have the right to require the operator to restrict the processing of your personal data. Apart from their storage, these data may then generally no longer be processed.

h) Right to data portability

Pursuant to Art. 20 GDPR, you have the right to transfer personal data concerning you, which you have provided to the operator. Your right to deletion remains unaffected.

i) Notification obligation

Pursuant to Art. 19 GDPR, the operator informs all recipients to whom your personal data have been disclosed of any correction or deletion of these data or any restriction in their processing unless this proves to be impossible or involves a disproportionate effort. The operator will inform you about such recipients, if you request it.


5. Concluding remarks

The operator shall take appropriate technical and organisational measures to ensure that the processing of data is conducted in accordance with the law, taking into account the nature, scope, circumstances and purposes of the processing and the different likelihood and severity of the risks to your rights and freedoms. Only those persons (employees) subject to the operator who need this for the performance of their duties will have access to personal data, and only to the extent required. The operator’s employees are instructed in advance in the data processing and committed to secrecy. Compliance with data protection regulations is regularly reviewed and the measures updated if necessary.