Privacy statement

This privacy statement applies to the mobile app SingSing (the “App”) and SingSing websites that can be visited through the App (the “Website”). Both together are referred to as “Services”.

1. General

With regard to the Services, SingSing is the data controller in terms of the General Data Protection Regulation (“GDPR”).

FHTS Ventures GmbH Kalckreuthstr 13 10777 Berlin Germany Telephone: support@joinsingsing.com

This privacy statement provides information about how we collect and process personal data in connection with our Services.

2. Access to and storage of information in terminal equipment

By using our app, access to information (e.g. IP address) or storage of information (e.g. cookies) in your terminal equipment may occur. This access or storage may involve further processing of personal data pursuant to the GDPR.

In cases where such access to information or such storage of information is strictly necessary for the technically error-free delivery of our services, this is done on the basis of § 25 para. 1 s. 1, para. 2 no. 2 TTDSG.

In cases where such a process serves other purposes (e.g. the needs-based design of our app), this will only be carried out on the basis of § 25 para. 1 TTDSG with your consent pursuant to Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time with effect for the future.

For more information on the processing of your personal data and the relevant legal basis in this context, please refer to the following sections on the specific processing activities on our website.

3. Data that we collect and process

a. If you register or login to SingSing you need to sign in with your phone number. We use your access data to create and let you manage your account on SingSing.

We use the data to authenticate you during the login process. The data you provide during a registration or login are used and managed by us to (1) to verify your right to use your SingSing account and (2) to realize the terms of use of the app with all connected rights and responsibilities.

b. Your data from the login is getting processed through Google Firebase (or HiAnalytics). We assign a random user number to your account and transfer it to SingSing to be able to identify you. This random user number enables us to assign the SingSing activities (events) to an account. The user number does not allow for any conclusion to be drawn about your identity or other personal data. The processed data will be only used in case of legal necessity (e.g. Criminal prosecution). More information about the use of Google Firebase can be found further down.

c. We assign the following data to the user number and store them:

  • Data about the language in which you use the App;
  • Your interaction with events in the app
  • Technical data transmitted by your mobile device, such as:
  • - Your IP address;
    - The time periods in which you use the App;
    - The date of registration of your account;
    - The operating system of your device;
    - The type of device used by you;

  • Other data, if you actively provide us with such data in the App, such as username and profile picture
  • Contact details (e-mail address and country of residence) when you contact us.
  • d. We also process data on the frequency of use and user behaviour in the App for the purpose of operating the App as well as statistical evaluation and improvement of the App.

    4. How and for what purpose we process data, and the legal basis of such processing

    a. Except in the cases mentioned below, we will only disclose personal data if and to the extent that we are required to do so by law or by court or administrative order. The legal basis for this is Art. 6 (1) lit. c GDPR (legal obligation).

    b. For the registration to SingSing and for the generation of your random user number we use the data which we received from Google through your registration with your Google account to SingSing (phone number). In addition we use here Google Firebase to generate user numbers. This relies on the pre-contractual or. contractual measures between you and SingSing according to Art. 6 (1) lit. b GDPR.

    c. We use your user number to connect activities in the App with your account and, thus, to enable the operation of the App, as well as for identification purposes if you assert the data protection rights to which you are entitled. The legal basis for such processing is Art. 6 (1) lit. f GDPR (legitimate interests; the legitimate interest in using these data results from the fact that access to the App is not possible without these data).

    d. We process the above-mentioned data for the following purposes and in the following ways:

  • Language of App use: To make the App and its contents available in your preferred language; legal basis for such processing is Art. 6 (1) lit. f GDPR (legitimate interest; user should be shown the app in his native language in order to be able to understand the content);
  • SingSing events, comments: On the operation of the App, in particular on the presentation of the contents generated by you in the App; the legal basis for such processing is Art. 6 (1) lit. b GDPR (performance of a contract and pre-contractual measures);
  • Technical data: To distinguish actual App users from bots, to prevent misuse and to block illegal content reported by other users; in anonymous form also for the purpose of statistical analysis; the legal basis for such processing is Art. 6 (1) lit. f GDPR (legitimate interests; legitimate interest in being able to distinguish users from bots, prevent misuse and block illegal content);
  • Contact details: To reply to your request and to verify the facts in light of the rules and circumstances applicable in your country; the legal basis for such processing is Art. 6 (1) lit. f GDPR (legitimate interests; legitimate interest in us replying to your requests);
  • 5. Use of analysis, advertising and other third-party tools

    1. We also analyze data of usage to better understand user preferences through user actions. Next to our own analytics we also use the following tools:

    aa. Google Firebase

    We use the Google Firebase developer platform and related features and services provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

    Google Firebase is a platform for developers of applications (“Apps”) for mobile devices and websites. Google Firebase offers a variety of features, which are described on the following overview page: https://firebase.google.com/products/.

    These features include, but are not limited to, the storage of Apps, including personal information about the users of the Apps, such as content created by them or information regarding their interaction with the Apps (so-called “cloud computing”). Google Firebase also offers interfaces that allow interaction between users of the App and other services, e.g. authentication via services such as Facebook, Twitter or via an email/password combination.

    The evaluation of user interactions and the performance of the App is carried out with the help of the analysis services “Crashlytics” and “Google Analytics”. Google Firebase is designed to record how users interact with an App. This involves recording events such as opening the App for the first time, uninstalling, updating, crashing or the frequency of use of the App. The events can also be used to record other user interests, e.g. for certain functions of the applications or certain topics. In this way, user profiles can also be created, which can be used, for example, as a basis for the presentation of advertising messages tailored to users.

    Google Firebase and the users’ personal data processed by Google Firebase may also be used together with other Google services, such as Google marketing services (in which case device-related information such as “Android Advertising ID” and “Advertising Identifier for iOS” are also processed to identify users’ mobile devices).

    We use Google Firebase for:

    Providing and managing your user account on SingSing, analysis, optimization, security and economic operation of our application. This is also our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

    In case you gave your consent pursuant to Art. 6 para. 1 lit. a GDPR data on this website is processed for the purpose of website analysis.

    Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S.

    The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected.

    Further information on the use of data for marketing purposes by Google can be found on the overview page:

    https://www.google.com/policies/technologies/ads, Google’s data protection declaration is available at https://www.google.com/policies/privacy.

    If users wish to opt-out of interest-based advertising through Google’s marketing services, they may do so by using the opt-out and opt-in facilities provided by Google: http://www.google.com/ads/preferences.

    For more information about Google Firebase, please visit:
    https://firebase.google.com/
    https://www.firebase.com/terms/privacy-policy.html. A detailed overview of the data collected by Google Firebase can be found at https://support.google.com/firebase/answer/6318039?hl=de.

    bb. If you decide to deactivate (some of) the tools described in this section 3.b (to the extent this is possible), please note that certain features and functionalities of the Services might not work or might not be accessible to you.

    cc. The legal basis for the processing of the data described in section 3a (to the extent such data is to be considered Personal Data) is Art. 6 (1) sentence 1 lit. f GDPR (legitimate interests; the legitimate interests to Use such data is that we can only offer the App to users for free if we are in a position to efficiently display relevant advertisements in the app).

    The legal basis for the processing of the data described in the section 4b (to the extent such data is to be considered Personal Data) is Art. 6 (1) sentence 1 lit. f GDPR (legitimate interests; the legitimate interests to Use such data is that we use and analyze the respective data (i) to improve our Services, such as by gaining a better understanding of your interests and requirements regarding our Services, (ii) to help personalize your user experience, (iii) to recognize user patterns in order to protect the App against bots, abusive members and abusive content, and (iv) to provide you with certain features of the Services (without us using such data some of the functionalities of the Services might not work or might not be accessible (this applies, in particular, to the tools mentioned above in sections 4.b, aa, bb, cc, dd; with regard to item (iv) such processing of data is also based on Art. 6 (1) sentence 1 lit. f (legitimate interests)).. If we ask the users for their consent to the use of third party providers, the legal basis for the processing of data is the consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

    6. Technical implementation of third-party software

    In some cases we use service providers who process personal data on our behalf to provide the technical platform for the Services. These service providers process corresponding data exclusively according to our specifications (order processing). The legal basis for data processing described in this section 4 is Art. 6 (1) lit. b GDPR (lawfulness of processing) and Art. 28 GDPR (processor).

    7. Storage period for personal data

    Unless a shorter storage period is specified in this privacy statement, we will store personal data for as long as (i) it is necessary to provide the Services to you; and/or (ii) it is necessary in view of the contractual relationship with you. Thereafter, the data will only be stored if and to the extent that we are obliged to do so by law. If we no longer need the relevant personal data for the purposes described above, these personal data will only be stored for the duration of the respective statutory retention obligations and will not be processed for other purposes.

    8. Your rights

    You have the following rights regarding your personal data:

    Right to information
    You have the right to request information about your personal data processed by us in accordance with Art. 15 GDPR.

    Right to rectification
    The right to immediately request the correction of incorrect or complete personal data stored by us in accordance with Art. 16 GDPR.

    Right to have data erased
    You have the right to have your personal data erased in according with Art. 17 GDPR. According to this provision, your right to have your data erased may be excluded due to a conflicting interest.

    Right to restriction
    You have the right to have the processing of personal data concerning you limited in accordance with Art. 18 GDPR.

    Right to withdraw the given consent
    You have the right to withdraw your given consent to the processing of your personal data at any time according to Art. 7 para. 3 GDPR.

    Right to data portability
    The right to receive your personal data that you have provided to us in a structured, current and machine-readable format or to request its transfer to another person responsible in accordance with Art. 20 GDPR.

    The right to receive your personal data that you have provided to us in a structured, current and machine-readable format or to request its transfer to another person responsible in accordance with Art. 20 GDPR.

    Right to complain to a data protection regulatory authority
    The right to complain to a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority of the federal state in which we have our registered office or, if applicable, that of your usual place of work or usual residence.

    Right to object
    Right of objection If your personal data is processed by us on the basis of legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, insofar as this is for reasons resulting from your particular situation. If the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement to indicate a special situation.

    9. Contact; data protection officer

    For all questions regarding data protection at SingSing you can contact SingSing’s data protection officer directly. You can contact us at the e-mail address dpo@joinsingsing.com.

    10. Protection of personal data

    We attach great importance to the protection of all personal data related to the App or its use. We have security measures in place for protection against the loss, misuse and alteration of the data we store. Our security measures and privacy statement are regularly reviewed and, where appropriate, updated and improved. Only authorised employees have access to personal data.

    We have taken additional, extensive precautions regarding the App and its use. Regardless of these precautions, the user should be aware that, regardless of any security measures, the exchange of information via the Internet can never be completely secure. We cannot guarantee the security of data transmitted via the App while it is being transmitted over the Internet.