Privacy & Policies
Last updated: March 18, 2019
Data Protection Statement
Diamond App Group LLC takes the protection of your personal data seriously. Below you will find more information concerning the scope and purpose of collecting data.
Principle of anonymous data use
When you access our website or Apps, some information, such as IP address, is transferred. You are also providing information about the geographic location in which your device is located. We cannot use this data to identify an individual user.
Collection and processing of personal data
We only collect personal data in order to setup an account to use our apps. We use the personal data you provide only to the extent that your data is necessary for rendering or processing our services. We store your data for as long as is necessary to achieve the intended purpose or until you delete your account or for as long as legal retention periods require data to be stored. Your data is subsequently deleted in accordance with legal requirements or processing is restricted. The collection of data for website provision and the storage of data in log files is imperative for website operation. Consequently, users may not object to this.
Registering for an Account
|Data||Purpose of processing||Legal basis of processing||Storage period|
|First name||Direct address & presentation||Performing the contractual relationship||Up to 30 days after deletion of the customer account|
|Last name||Direct address & presentation||Performing the contractual relationship||Up to 30 days after deletion of the customer account|
|Email address||Customer account identification||Performing the contractual relationship||Up to 30 days after deletion of the customer account|
|Password||Customer account identification||Performing the contractual relationship||Up to 30 days after deletion of the customer account|
|IP address at login||Data transfer at registration to web server||Performing the contractual relationship||Indefinite|
|Profile photo*||Direct address & presentation||Consent||Up to 30 days after deletion of the customer account|
* Optional information
Registering with Facebook or Google
We also offer you the opportunity to create your account using your Facebook or Google account, or to link your account to your Facebook or Google account. You can register or log in using your Facebook or Google account if you simply use Facebook or Google instead of the other options while registering for your account.
You will then be forwarded to Facebook or Google (where you must be logged in or register for an account) and you will receive an explanation of what types of data we need from Facebook or Google, namely your public profile information such as first and last name, and the email address associated with your account.
This information is required for identification purposes in order to create a secure account for you. Your Facebook or Google account and your account with us will be permanently linked using your email address. As soon as you log in to Facebook or Google, you can log in to your account with us. We will not share any information about you with Facebook or Google without your consent.
Important: We do not record your Facebook or Google login data, and cannot post anything to your Facebook or Google profile without your express consented.
|Data||Purpose of processing||Legal basis of processing||Storage period||Platform|
|First name||Direct address & presentation||Performing the contractual relationship||Up to 30 days after deletion of the customer account||Facebook/Google|
|Last name||Direct address & presentation||Performing the contractual relationship||Up to 30 days after deletion of the customer account||Facebook/Google|
|Email Address||Direct address & presentation||Performing the contractual relationship||Up to 30 days after deletion of the customer account||Facebook/Google|
|Password||Direct address & presentation||Performing the contractual relationship||Up to 30 days after deletion of the customer account||Facebook/Google|
|IP address at login||Data transfer at registration to web server||Performing the contractual relationship||Indefinite||Facebook/Google|
We require these access options and information to ensure the technical function of our app and to provide the services offered with the app.
We will request the following permissions for the purpose described below:
|Camera||Taking photos for profile/feed|
|Photo library||Selection of photos for profile/feed|
|Delivery of push notifications||Receipt of push notifications|
|Mobile data/WLAN (granted by the operating system)||Use of Internet and downloading of new content|
Push notifications as part of the user experience
We require your consent if you wish to receive our push notifications on your mobile iOS device even if the app is not open. Our app only uses push notifications if you have given your explicit consent to these. You can disable push notifications in settings at any time. If you use an Android device, push notifications are permitted automatically unless you disable this in your settings.
|Name of provider||Provider type||Data transfer to third party country||Third party country||Guarantees in acc. with Art. 44 ff GDPR|
|Google Firebase||Order processor||Yes||USA||EU standard contractual clauses EU/US Privacy Shield|
|Data||Purpose of processing||Legal basis of processing||Storage period|
|User data that are also accessible in your public profile||Direct approach||Consent||Until revocation of consent|
Google Marketing Services
On our apps we use the marketing and re-marketing services of Google Admob, which allows us to display advertisements in a more targeted manner in order to present advertisements of interest to users.
In integrating with Google’s ad services, we share certain information with Google, such as the name of the app and a unique identifier for advertising.
Google uses the information shared by apps to deliver their services, maintain and improve them, develop new services, measure the effectiveness of advertising, protect against fraud and abuse, and personalize content and ads you see on Google and on our apps.
Facebook Marketing Services
We use the “visitor action pixels” from Facebook Inc. (Menlo Park, California) on our website so that user behavior can be tracked after users have been redirected to the provider’s website by clicking on a Facebook ad. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, which is why we are informing you, based on our knowledge of the situation. Facebook may link this information to your Facebook account and also use it for its own promotional purposes, in accordance with Facebook’s Data Usage Policy https://www.facebook.com/about/privacy/. You can allow Facebook and its partners to place ads on and off Facebook. A cookie may also be stored on your computer for these purposes. You can object to the collection of your data by Facebook pixel, or to the use of your data for the purpose of displaying Facebook ads by contacting the following address: https://www.facebook.com/settings?tab=ads.
We also use Facebook’s Software Development Kit (SDK) within our apps, in order to link various Facebook services with our apps. For example, this enables users to be able to use the Facebook SDK to share content from our apps within their Facebook timeline or to send messages to other Facebook users. Further information about the Facebook SDK within iOS can be found here: https://developers.facebook.com/docs/ios. For Android, please refer to: https://developers.facebook.com/docs/android. Facebook App Events: We use the Facebook App Events service though the Facebook SDK to track the reach of our advertising campaigns and the use of the Facebook SDK. Facebook merely provides us with an aggregated analysis of user behavior with our app. We have no influence beyond that on the information that will be processed through App Events by Facebook. In our app settings, you can opt out of using App Events for these purposes.
Facebook is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active). The legal basis for this processing is Art. 6 paragraph 1 sentence 1 letter b and f GDPR. If you do not wish to be tracked by Facebook in the future, you can opt out at any time by writing an email to firstname.lastname@example.org.
Facebook Custom Audience
As part of usage-based online advertising, the Custom Audience product from Facebook (Facebook Custom Audience 1601 S. California Avenue, Palo Alto, CA, 94304) is also used on the website. Generally speaking, a non-reversible and non-personal checksum (hash value) is generated from your usage data which can be sent to Facebook for analysis and marketing purposes. In doing so, a tracking pixel from Facebook is set on our website. This collects information on your activity on the website (such as surfing behavior, subpages visited, etc.). Your IP address is stored and used to direct geographically-based advertising.
You have the option of objecting to targeting by Facebook using the link (https://www.facebook.com/ads/website_custom_audiences).
Firebase by Google
We use the Firebase service from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) in order to derive application behavioral analytics. We use that information to see how users interact with our website and app.
Firebase is part of the Google Cloud Platform and offers numerous services for developers. A list can be found here: https://firebase.google.com/terms/. Some Firebase services process personal data. In most cases, the personal data is limited to so-called "instance IDs", which are provided with a time stamp. These "Instance IDs" assigned by Firebase are unique and thus allow the linking of different events or processes. This data does not represent personally identifiable information for us, nor do we make any efforts to personalize it subsequently. We process these aggregated data to analyze and optimize usage behavior, for example by evaluating crash reports.
Currently, we use the following Firebase services:
Google Analytics for Firebase: Google Analytics uses the data to provide analytics and attribution information. The precise information collected can vary by the device and environment. You can find more information via this link: https://support.google.com/firebase/answer/6318039. Google Analytics retains ID-associated data for 60 days, and retains aggregate reporting and campaign data without automatic expiration, unless the Firebase customer changes their retention preference in their Analytics settings or deletes their project. For Analytics for Firebase, Google uses not only the "Instance ID" described above, but also the advertising ID of the end device. You can restrict the use of the advertising ID in the device settings of your mobile device. For Android: Settings > Google > Ads > Reset Ad ID For iOS: Settings > Privacy > Advertising > No ad tracking
Firebase Remote Config: Remote Config uses Instance IDs to select configuration values to return to end-user devices. Firebase retains Instance IDs until the Firebase customer makes an API call to delete the ID. After the call, data is removed from live and backup systems within 180 days.
Firebase Dynamic Links: Dynamic Links uses device specs on iOS to open newly-installed apps to a specific page or context. Dynamic Links only stores device specs temporarily, to provide the service.
Firebase Cloud Messaging: Firebase Cloud Messaging is used to transmit push messages or so-called in-app messages (messages that are only displayed within the respective app). A pseudonymized push reference is assigned to the mobile device, which serves as a target for the push messages or in-app messages. The push messages can be deactivated and reactivated at any time in the settings of the mobile device. Firebase Cloud Messaging uses Instance IDs to determine which devices to deliver messages to. Firebase retains Instance IDs until the Firebase customer makes an API call to delete the ID. After the call, data is removed from live and backup systems within 180 days.
Firebase will use this information on our behalf for the above mentioned reasons.
The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. Google is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation http://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Transfer of data to third parties
We only pass your personal data on to third parties if:
Information on the rights of data subjects
Each data subject has the right of access in accordance with Article 15 GDPR, the right to rectification in accordance with Article 16 GDPR, the right to erasure in accordance with Article 17 GDPR, the right to restriction of processing in accordance with Article 18 GDPR, the right to object in Article 21 GDPR and the right to data portability in Article 20 GDPR. The limitations according to Articles 34 and 35 BDSG apply to the right of access and to the right to erasure.
Information on the option to lodge a complaint
You also have the right to lodge a complaint with the competent data protection authority about our processing of your personal data.
Information on withdrawal of consent
You can withdraw your consent with us to process personal data at any time. This also applies to withdrawals of a declaration of consent that were given to us before the General Data Protection Regulation came into effect, i.e. before May 25, 2018. Please note that this withdrawal will only apply prospectively. This does not affect processing that took place prior to a withdrawal.
Right in the event that data is processed for direct marketing purposes
You have the right pursuant to Article 21 (2) GDPR to object to the processing of personal data concerning you. In the event that you object to processing for direct marketing purposes, we will no longer process your personal data for this purpose. Please note that this withdrawal will only apply prospectively. This does not affect processing that took place prior to a withdrawal.
Information on right to object in the case of balance of interests
If we process your personal data based on a balance of interests, you can object to such processing. If you exercise this right to object, please state the reasons why we should not process your data as we have described. If your objection is justified, we will review the situation and either stop or adjust data processing or explain our compelling legitimate reasons for processing to you.
Amendments to the Data Privacy Statement
We reserve the right to amend or adjust this Data Privacy Statement at any time subject to compliance with applicable data protection regulations.