# Data Privacy Statement for the Use of the “Cash Alarm” App, Version: 01.09.2019

This Data Privacy Statement applies for the offering and use of the “Cash Alarm” app (hereinafter referred to as “Cash Alarm”), which is provided to you by AppLike GmbH, 22769 Hamburg (hereinafter referred to as “we” or “us”) for use on your mobile device.

When using Cash Alarm, personal data will be collected, processed and used by us. Because the protection of your privacy when using Cash Alarm is important to us, we would like to inform you with the following information about what personal data we collect when you use Cash Alarm and how we handle this data.

You can access this Data Privacy Statement at any time under the “Datenschutz” (data privacy) heading within the app or at https://cashalarm.online/legal/privacy.

Data Controller

AppLike GmbH, 22769 Hamburg (you will find exact contact details in the legal notice in the app or at https://cashalarm.online/legal/imprint) is the “controller” in accordance with the applicable data protection law, in particular the EU General Data Protection Regulation (GDPR).

Should you have any questions or comments about data privacy when using Cash Alarm, please feel free to contact us by post (AppLike GmbH, Stresemannstraße 29, 22769 Hamburg) or send us an email to contact@cashalarm.online.

What is Personal Data?

“Personal data” is information, or parts thereof, by means of which you can be identified either directly (e.g. by your name) or indirectly (e.g. by pseudonymised data such as a unique ID). This means that personal data includes, for example, email addresses, addresses, mobile phone numbers, user names, profile pictures, personal preferences and use behaviour regarding the apps used on your end device, user content, financial information and health-related information. However, this could also include one-time identifiers such as the IP address of your end device or the browser you use, and other specific information about your mobile device.

This Data Privacy Statement covers all personal data that is stored and processed by you when using Cash Alarm.

Collection and Use of Your Data

In some cases, you will provide us with immediate access to the data (e.g. when creating a user account and contacting us) and in some cases we will collect the data automatically during the use of Cash Alarm (e.g. in order to offer our services and understand how you use our services and your apps).

We will use your data to perform and process the contract on the use of Cash Alarm. Within this framework, we will use your data primarily for the calculation and payment of the bonuses acquired by you in the course of your use of Cash Alarm and inform you about apps participating in Cash Alarm. Other use will only take place due to other statutory obligations or authorisation, if you have granted us permission, or if the use is for legitimate interests of AppLike GmbH as the provider of Cash Alarm.

The legal basis for the processing of your data may be the following:

  • your consent to data use within the framework of Cash Alarm in accordance with Art. 6(1)(a) GDPR;
  • he fulfilment of our service obligations resulting from the contract on the use of Cash Alarm, in order to provide you with the desired services, in accordance with Art. 6(1)(b) GDPR;
  • our legitimate interest in accordance with Art. 6(1)(f) GDPR;
    • our commercial interests in the improvement of our services, so that we can better understand your needs and expectations and therefore improve our services for you;
    • for the prevention of fraud and to guarantee that the use of Cash Alarm takes place completely and without fraudulent conduct and in accordance with the terms and conditions of use of Cash Alarm: We reserve the right to exclude certain users and their end devices from the services, in the event of impermissible use behaviour, without specifying the exact reason (impermissible behaviour includes, for example, the use of multiple end devices from one IP address [if this is not customary at the respective location or in the respective country], multiple use of user accounts that are linked to payment service providers, furthermore, the use of several mobile phone numbers (which are used to validate the identity of the user), and certain changes to the mobile operating systems, such as the granting of unrestricted admin access, installation of malware or a specific modification of the operating system etc.);
    • in order to guarantee the security of our services and ensure that our offering (apps and web server) is technically safe and works properly;
    • to secure and implement our contractual entitlements and claims.
  • Legal bases in accordance with Art. 6(1)(c) GDPR, if the collection, storage, transfer or other processing of the data is legally prescribed or necessary for the processing, in order to fulfil our statutory obligations.

What Rights Do You Have Regarding Your Data?

You have the right at any time to receive free information about the extent and content of the processing of your personal data by us. You also have the right to request from us the rectification, restriction of processing, or erasure of your personal data.

In the event of data privacy violations, you also have the right to lodge a complaint with the competent supervisory authority.

Further information can be found further down in this Data Privacy Statement, in the following section: “Your Rights as a Data Subject”.

In particular, your personal data will be used as follows during the use of Cash Alarm:

Registration

In order to use Cash Alarm, you must register for Cash Alarm.

Consent to the Processing of Personal Data for the Use of Cash Alarm

When using Cash Alarm for the first time, you first have to accept our terms and conditions of use (GTC) during the registration and agree to the processing of your personal data by Cash Alarm. For this purpose, you have to confirm the following declaration of consent by clicking on the “ACCEPT” button underneath (if you do not want to give consent, please click on “REJECT”; the use of Cash Alarm will then not be possible):

I hereby consent to Cash Alarm using the following personal data within the framework of the use of Cash Alarm:
Registration data (email address, date of birth, gender)
Installed apps (including the use duration and use history)

The data will be connected to your end device via the device ID (so-called GAID or IDFA) and sent, encrypted, to our servers. In order for app providers to finance our app suggestions, they must be sent the device ID for billing purposes. To measure the use time and the installed apps, the user can voluntarily and manually upload screenshots from its mobile phone via Cash Alarm, and they will then be automatically processed, analysed and stored by our system for the existence of the membership.

The processing of the above data is necessary to be able to recommend, via system messages, the installation of apps available in Cash Alarm that match my interests, and calculate the bonuses acquired as a result of my use of the corresponding apps. I am aware that a profile of interests will be generated using the above data, and depending on the types of app I use, this may contain particularly sensitive personal data (e.g. health-related data or data about my sexual orientation, and any other data in special categories pursuant to Art. 9[1] GDPR).

Information about Withdrawing Consent

The withdrawal of your consent and the termination of the use of Cash Alarm is possible at any time with future effect, and can be sent to AppLike GmbH via email at contact@cashalarm.online or by post to AppLike GmbH, Stresemannstraße 29, 22769 Hamburg. Special fees (beyond the regular transmission fees of your telephone or internet service provider, or letter postage) do not apply for the withdrawal of consent. In the event of withdrawal, your data will be erased from the Cash Alarm database; if an erasure is not possible, it will be blocked instead of erased. Further use by Cash Alarm is no longer possible after the withdrawal of your consent.

Registration and Registration via Facebook or Google+ Login

For the registration, in the next step after accepting, you have to decide whether you would like to register via email or with the user data of your Facebook or Google+ account.

If you decide to register via email, you have to enter the following details:

  • User name (nickname)
  • Your email address
  • Password (this will be sent encrypted and only known by you; we cannot pick this out)
  • Age
  • Gender

This information is absolutely necessary to be able to identify you. We will collect and use this data to set up and provide Cash Alarm on your mobile end device. We require your date of birth to check that you are of legal age, because the use of Cash Alarm is only permitted for people from the age of 18 years.

Your data will be sent encrypted in the SSL process and will therefore be safely transmitted. If you decide, by activating the corresponding checkbox, to be automatically logged in in the future for the use of Cash Alarm, the password will be stored with SHA encryption in order to protect your data.

As an alternative to logging in via email, you can log in with your Facebook or Google+ login. Additional registration for Cash Alarm will then not be necessary. For the registration, you will be directed to the Facebook or Google page where you can register with your user data and therefore link your Facebook or Google profile to our app. We will hereby automatically receive the following information from Facebook or Google:

  • Facebook ID or Google ID;
  • your user names (nickname) entered in Facebook or Google+;
  • your email address entered in Facebook or Google+;
  • your gender entered in Facebook or Google+;
  • your date of birth entered in Facebook or Google+;
  • your profile and title picture entered in Facebook or Google+;

This information is absolutely necessary to be able to identify you. We will collect and use this data to set up and provide Cash Alarm on your mobile end device. We require your date of birth to check that you are of legal age, because the use of Cash Alarm is only permitted for people from the age of 18 years.

We will store the profile image used by you on Facebook or Google+ and use it to personalise the display within Cash Alarm on your end device.

Your data will be sent encrypted in the SSL process and will therefore be safely sent from the servers of Facebook or Google. If you decide, by activating the corresponding checkbox, to be automatically logged in in the future for the use of Cash Alarm, the password will be stored with SHA encryption in order to protect your data.

Further Information:

The provider of social network “Facebook” is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Which personal data containing the above-mentioned information is sent to us depends on the settings selected by you within your Facebook profile. Please find the corresponding information in the data privacy terms and conditions of Facebook: https://de-de.facebook.com/about/privacy/ and https://www.facebook.com/legal/terms/.

The provider of social network Google+ is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Which personal data containing the above-mentioned information is sent to us depends on the settings selected by you within your Google+ profile. Please find the corresponding information in the data privacy terms and conditions of Facebook: http://www.google.com/intl/de/+/policy/+1button.html.

The use of the Facebook or Google+ login can lead to your personal data being collected by Facebook or Google and potentially sent outside the EU/EEA, and being stored and used there. This data collection and use is within the area of responsibility of Facebook or Google. The precise use of the data by Facebook or Google is not known to us and we have no influence on what data is collected by Facebook or Google and how it is used by Facebook or Google.

Further information about these services and any privacy settings envisaged by the respective providers can be found in the above-mentioned data privacy notices and terms and conditions of use of Facebook or Google, to which you have agreed during your registration with the respective social network.

Registration/Setting Up a User Account

To be able to use all functions of Cash Alarm and in particular to benefit from the bonus payments, you have to register for the use of Cash Alarm by setting up a user account. The registration therefore serves to provide the services of Cash Alarm and calculate the bonuses generated by you.

During the registration process, we will collect and store certain other personal data about you for the setting up of a customer account, if necessary. This includes the following details (if we have not yet collected and stored them in accordance with the steps described above, see above):

  • Payment details (email address of a PayPal account or account details of other payment service providers that are supported by Cash Alarm.
  • Mobile telephone number - through which the user's identification is authenticated once the user enters a unique code (so-called "two-factor authentication"), which is sent to the user via SMS. The telephone number is used exclusively for purposes of fraud prevention and in particular not for advertising purposes.

Your data which is entered (additionally) during the registration will be used by us (in addition to the purposes already described above) to pay the bonus payments generated by you.

The processing of this data is for the performance of the contract on the use of Cash Alarm by you, and without your corresponding details, you may not be able to use Cash Alarm, or you will only be able to do so to a limited extent, and in particular you may not be able to benefit from our bonus payments to you.

Use Data

During the use of Cash Alarm, we log and store certain data automatically.

Data Processing for the Recommendation of New Apps

To be able to recommend to you other apps that participate in Cash Alarm based on your current app preferences, a list of apps currently installed on your end device, as well as apps that you have already installed (but that you have deinstalled) in the operating system installed on your end device, including a use history of all these apps, will be sent to us during the installation of Cash Alarm.

In order to know your long-term preferences and continue to offer you interesting apps, after the installation of Cash Alarm and permanently during the use of Cash Alarm, other apps installed by you on your end device will be automatically recognised by Cash Alarm and the name of each newly installed app will be sent to us.

In addition, we will log data about the use of the apps running in the foreground of your end device and the temporal extent of the use (date, time and duration of the use of all apps).

For the logging of the use data within Cash Alarm, we measure the so-called “customer journey”. For this purpose, each click or typing of a key within Cash Alarm will be logged and linked to your profile or stored on the server.

The processing of this data takes place based on the consent granted by you (see above) and serves to perform the contract on the use of Cash Alarm by you.

Data Processing for the Calculation of Bonus Payments

We also use the data about your use of the apps running in the foreground of your end device to calculate the bonuses generated by you, if you have obtained and installed these apps via Cash Alarm. For this purpose, we also log and use data about your purchases of services and virtual items within the framework of the apps used by you (in-app purchases), and about relevant in-app occurrences relevant for the calculation of the bonuses, such as level increases.

The processing of this data takes place based on the consent granted by you (see above) and serves to perform the contract on the use of Cash Alarm by you.

Use Data about the End Device Used by You

In order to be able to identify you beyond any doubt during the use of Cash Alarm and allocate you for the purpose of the recommendation of new apps, and the calculation and payment of the bonus payments, we store other data about the use of Cash Alarm and the end device used by you for this purpose. This includes the so-called Google Advertiser ID (“GAID” for Android) and the so-called Apple Identifier for Advertisers (“IDFA” for Apple iOS), the model and product name of your end device, the version of the operating system, the browser type used and its display resolution, as well as the IP address allocated to your end device and information about when which content from our offering was accessed, the names of the files requested, and their dates and times of access. We require this data to determine the content requested by you (e.g. text, images, games and product information as well as files provided for download etc.), in order to enable the offering of our services in accordance with the terms and conditions of use, and for the optimal display of Cash Alarm on your end device. In order for app providers to finance our app suggestions, they must be sent the device ID for billing purposes.

The processing of this data takes place based on the consent granted by you (see above) and serves to perform the contract on the use of Cash Alarm by you.

If our server logs also automatically log your IP address, this will take place solely for the purpose of guaranteeing the security of our systems, or for fraud prevention, and the IP address will be automatically erased after 30 days at the latest.

The processing of this data therefore takes place to safeguard legitimate interests of AppLike GmbH as the provider of Cash Alarm.

Anonymised Use Data to Improve Our Services

Otherwise, the above-mentioned use data will be prepared, and we will process it in a general and anonymised manner in order to generally analyse the use of Cash Alarm. This data includes the models and product names of the end devices employed for the use of Cash Alarm, the version of the operating system, the browser types used and their display resolutions, as well as general details about when which content from our offering is accessed, the names of the files requested or which data is accessed most frequently, and their dates and times of access. This data is solely for the needs-based design of Cash Alarm and therefore to constantly improve our services, and detect and rectify any security flaws.

This data does not enable matches to be made to you personally.

The processing of this data will take place to safeguard legitimate interests of AppLike GmbH as the provider of Cash Alarm.

Note: Authorisation to Access Functions and Data on the End Device

In order to be able to use all functions of Cash Alarm, you must grant Cash Alarm any necessary authorisation to access certain functions and data on your end device (however, this is dependent on your device and the operating system, on which we have no influence). We will use all authorisation granted by you solely for the above-named purposes, even if authorisation granted (e.g. for technical reasons) theoretically enables other possible uses. You can normally (in other words, depending on your device and the installed operating system) cancel granted authorisation in your device settings at any time.

Contact Section

In the contact section of the app, you can contact us via email using our contact form. Your email address will thereby be collected by us. You can decide yourself which data you provide to us within the framework of the contact.

In this case, we will only use your data to respond to your query.

The processing of this data takes place based on your permission and to safeguard legitimate interests of AppLike GmbH as the provider of Cash Alarm.

Storage Duration of Your Data

We will only store your personal data for as long as we need it for the performance of the contract on the use of Cash Alarm, for the fulfilment of your wishes, or for our legitimate interests for the purposes of which we have logged your personal data, or for as long as is permitted or required by law:

  • For as long as you take part in the use of Cash Alarm, we will store and process your personal data for the duration of your use of Cash Alarm, until you end it or request that we erase your data;
  • For as long as you set up a user account for our services, we will store and process your personal data for the duration of your use of Cash Alarm, until you terminate it or until you request that we erase your data;
  • If you have agreed to the use of your email address for marketing purposes, we will store your email address within our mailing database until you deregister or request that we erase the data, or by the end of a period of inactivity (no interaction with us for a maximum duration of 18 months);
  • If you send us a query, we will process your personal data for the duration of the processing of your query.

When we no longer require your personal data, we will erase it from our systems and records, or anonymise it so that it can no longer be identified.

We can retain certain personal data in order to comply with our statutory and regulatory obligations, and to enable us to manage our rights (e.g. the assertion of our rights in court), or for statistical purposes.

Forwarding of Data

The passing on of your personal data without your explicit prior permission will only take place in the following cases, in addition to the other cases named in this Data Privacy Statement:

  • If necessary for the resolution of unlawful use or misuse of Cash Alarm or for prosecution, personal data will be passed on to the criminal prosecution authorities and, if necessary, to third parties who have been harmed. However, this will only take place if there are specific indications of unlawful conduct or misuse. We are also legally obliged to provide information to certain public bodies upon request. These are criminal prosecution authorities, authorities that pursue administrative offences punishable by a financial penalty, and the financial authorities.
  • The forwarding to third parties bound to professional secrecy can only take place if this is necessary for the implementation of the Cash Alarm terms and conditions of use or other agreements, and our claims from the contract on the use of Cash Alarm.
  • For the provision of our service, we are occasionally reliant on contractually bound third-party companies and external service providers, e.g. for our customer service and the hosting of Cash Alarm. In such cases, information will be passed on to these companies or individual people in order to enable further processing. These external service providers are carefully selected by us and checked regularly, to ensure that your privacy remains protected, and they may only process the data for the purposes specified by us. They are also contractually obliged by us to only handle your data exclusively in accordance with this Data Privacy Statement and the German data privacy laws.
  • As part of the further development of our business, the structure of our company may change, in that the legal form is changed, or subsidiary companies, business units or components are founded, purchased or sold. In the event of such transactions, the customer information will be passed on, together with the part of the company to be transferred, with your consent. During any transfer of personal data to third parties to the specified extent, we will ensure that the further use takes place in accordance with this Data Privacy Statement and the relevant data protection laws, and we will ask for your permission.

Security Measures to Protect the Data Stored by Us

We are obliged to protect your privacy and treat your personal data confidentially. Your data will be stored in our databases, which are only accessible to us and employees specifically trained in data protection.

If we use support from third-party service providers who process your data on our behalf in order to provide our web services, we have ensured that they are subject to the strict conditions of this Data Privacy Statement, and that the use of your data beyond the cases described in this Data Privacy Statement will not take place. All contractors, service providers and their employees are subject extensively to our instructions and are also in particular legally obliged to observe, and trained in, the protection of your data.

In order to prevent the loss or misuse of the data stored by us, we take comprehensive technical and organisational safety precautions, which are regularly reviewed and adjusted to meet technological advances. If it is within our sphere of influence, we use in particular modern encryption techniques as well as a variety of other measures to prevent third parties from obtaining unauthorised information.

However, we would like to point out to you that due to the structure of the internet, it is possible that the data protection regulations and the above-named security measures of other persons or institutions not within our area of responsibility cannot be observed. In particular, data passed on in a non-encrypted form can be read by third parties, even if it is sent via email. We have no technical influence on this occurrence. In these cases, it is the responsibility of the user to protect the data it provides against misuse, by encryption or other methods.

Data Storage Abroad

We consistently ensure the strict data protection made legally binding in the European Union. In some cases, particularly for technical reasons, it may transpire that your data entrusted to us is stored on servers outside of your country (even outside of the European Union) in which you originally entered your data. In this case and in the case of a risk that countries to which your data are sent are not subject to data protection law that is just as strict as that in your home country and in the country from which you use our services, we ensure that your data is handled in accordance with the provisions of this Data Privacy Statement.

Data processing by processor

For the operation of our services we are partly dependent on third party suppliers (called processors). For these companies to be able to carry out their services, your data must be transferred to them. We have entered into a processing contract with these contract processors in accordance with Art. 28 GDPR and they implement the strict requirements of the data protection authorities when using your data. We ensure that all third party service providers, who assist us in the provision of our services, comply with data protection law by this agreement and strict controls that your data will be treated according to our instructions and will not be disclosed to third parties. In addition, we take further measures to guarantee the protection and safety of your data. Data will only be processed outside the EEA if the service provider guarantees that we comply with the requirements of European data protection law.

The following service providers (processors) work with us for the following purposes:

  1. Amazon Web Services, Inc., P.O. BOX 81226, Seattle, WA 98108-1226, USA - Server hosting provider for storage.

    The data required to send the newsletter will be stored on Amazon Web Services servers within the European Union. Amazon Web Services is certified under the EU-US Privacy Shield. The Privacy Shield is an agreement between the European Union (EU) and the US to ensure compliance with European privacy standards in the United States. We have also concluded an order processing contract with Amazon Web Services in accordance with Art. 28 DSGVO and fully implement the strict requirements of the German data protection authorities during use.

    For more information, see the Amazon Web Services privacy statement at: https://aws.amazon.com/en/compliance/data-privacy/.

  2. adjoe GmbH, Neuer Pferdemarkt 1, 22359 - Software Service provider for optimized advertising and fraud prevention.

    We have concluded an order processing contract with adjoe in accordance with Art. 28 DSGVO, in which adjoe is bound by agreement to protect the data of our users and not to pass the data on to third parties.

  3. Singtaper Technologies F_ZCO, DTEC, DSO-THUB-1-D-FXD-G035, Dubai Silicon Oasis, U.A.E - SMS Shipping Service Provider.

    We have concluded a contract processing contract with the partner pursuant to Art. 28 GDPR based on the EU standard contractual clauses for the transfer of personal data to processors in third countries under Directive 95/46 / EC of the European Parliament and of the Council and have thereby obliged Singtaper to do so to process the data only according to our instructions and to implement the strict data protection rules of the European Union.

    More information can be found here: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087&from=EN.

Your Rights as a Data Subject

As a data subject in the data processing by Cash Alarm, you have the following rights listed in this section.

If you would like to exercise one of your rights named below, please contact us using the contact details named in the following “Contact” section.

Please note that we may request proof of your identity and extensive information about your query before we can process it.

Information, Restriction of Processing and Erasure

Within the framework of the applicable statutory provisions, you have the right at any time to obtain free information about the data stored about you personally, its origin and recipients, and the purpose of the data processing. On presentation of the respective prerequisites, you may also have the right to the rectification of incorrect data, the restriction of the processing, and the erasure of data.

Withdrawal of Your Consent to Data Processing

Some forms of data processing are only possible on the basis of your explicit consent. You can withdraw consent already given at any time. The legitimacy of the data processing carried out until the withdrawal will remain unaffected by the withdrawal.

Right to Data Portability

Regarding the data that we process automatically on the basis of your consent or in the performance of a contract, you generally have the right to access it yourself or have it provided to a third party in a customary, machine-readable format. If you require the direct transfer of this data to a third party, this will only take place if this is technically possible with reasonable effort.

Right to Lodge a Complaint with the Competent Supervisory Authority

In the event of data privacy violations caused by us, you have the right to lodge a complaint with the competent supervisory authority. The supervisory authority responsible for AppLike GmbH in data protection law matters is the Hamburgische Beauftragte für Datenschutz und Informationsfreiheit (HmbBfDI), the contact details of which can be found in the following link: https://www.datenschutz-hamburg.de/wir-ueber-uns-kontakt/wie-erreichen-sie-uns.html.

Contact

Should you have any questions or comments about the handling or use of your personal data, should you require information about the personal data stored about you, or should you wish to exercise your other rights named above, you can contact us via this support form, by post at AppLike GmbH, Stresemannstraße 29, 22769 Hamburg) or by sending an email to contact@cashalarm.online.

Operational Data Protection Officer of AppLike GmbH

As legally stipulated, we have appointed a data protection officer for our company:

Mr Rechtsanwalt Stephan Krämer, LL.M.
KINAST Rechtsanwaltsgesellschaft mbH
Hohenzollernring 54
D-50672 Köln

Links to Third-party Websites

On our website, there are links to websites of other service providers. When activating these links, you will be forwarded directly to the websites of the other service providers. You will notice this by the change of URL, amongst other things.

We cannot accept any responsibility for the confidential handling of your data on these websites of third-party companies, as we have no influence on the compliance of these companies with the data protection regulations. Please inform yourself about the use of your personal data by these companies directly on these websites.

Changes to this Data Privacy Statement

We always keep this Data Privacy Statement up-to-date. Therefore, we reserve the right to change it from time to time and update it with changes during the collection, processing and use of your data. Therefore, please read through this Data Privacy Statement regularly. You can access the current version of this Data Privacy Statement at any time under the “Datenschutz” (data privacy) heading within the app or at https://cashalarm.online/legal/privacy.