Privacy Policy - Popcorn

Table of content

1. Details of the Controller

2. Information on the Types of Data Processed and Their Origin

3. Processing Purposes & Legal Bases

4. To Whom do we Transmit Your Data?

5. Processing of Payment Data

6. Information on Behavioural Advertising

7. Transmission to Countries Outside the EU or the EEA

8. How long will my data be stored?

9. Information on The Voluntary Nature of the Information

10. Information About Your Rights

11. Information About Your Right of Objection


This Privacy Policy gives you an overview of the processing of your personal data in the context of the use of the offers and online services on www.popcorn.dating (hereinafter referred to as the "Service").

Furthermore, this Privacy Policy informs you about your rights and the possibilities you have to control your personal data and to protect your privacy.

The previous way of processing your data will not change. Due to legal changes, only the specified scope of information in this Privacy Policy is more comprehensive than before.

We have always taken the protection of your personal data very seriously and - as before - will continue to take appropriate organisational, contractual and technical measures to protect your data from unauthorised or unlawful processing and against accidental loss, destruction or damage.

1. Details of the Controller

Responsible for data processing is Ideawise Limited, Room 604, Alliance Building, 133 Connaught Road, Central Hong Kong, Hong Kong. Its representative is SmH ServiceCenter.de GmbH, P.O. Box: 20 04 34, 13514 Berlin. Email: [email protected]

Ideawise Limited is also meant when the terms "we" or "us" are used below. You can contact our data protection officer at: [email protected] Please note that we are a company based outside the European Economic Area ("EEA"). As far as you use our service and data is processed, these data are transferred to a so-called "third country". Details can be found in section 7 below.

2. Information on the Types of Data Processed and Their Origin

If we provide the Service for your use, we process personal data from various sources. This is data that we collect automatically - for example when you visit a website - as well as other data that you have additionally provided to us.

a. Types of Data That We Automatically Collect

When you visit our website, you submit technical information to our servers. This happens regardless of whether you subsequently register with an account with us to use the Service or not. In any case, this data is recorded every time you visit our website:

Each time a page is accessed, access data is stored in a file, the so-called server log. The following data is stored:

The time, the status of your website visit (status means in this case whether the visit of the website was successful or not) as well as the request that your browser has made to the server to open the page, the amount of data transferred and the website from which you came to the requested page (referrer), and the product and version information of the browser used (user agent).

If you create a profile on our service, we will assign a so-called unique user ID to it. Besides your chosen profile name, the unchangeable Unique User ID allows us to uniquely assign your profile.

We also use cookies to process this data. Cookies are small text files that are downloaded to your device that store the above information about you when you use our Service. If you want to know more about how cookies work, which cookies we use and how you can disable them, click here.

Types of Data You Transmit to Us

In addition to the data we receive from all website visitors, we also process other data from registered users. The exact amount of this data depends on how you use the Service. Personal information that you publicly upload to your profile or other areas of the Service will be visible to other users (and searchable via the search function within the Service). If you choose additional settings for the publication of your data, this information will also be accessible to users who are not logged in. The privacy settings can be determined by you in your profile settings.

The data you provide us includes:

i. User account / profile data:

To use the Service, you can create a user account (a "Profile"). When you create a Profile, you must provide some mandatory information to complete the registration.

Required is:
● Username
● Password
● Email address
● Gender
● Country
● City and postcode
● Date of birth
● What gender is searched for
● What you are looking for (one-night stand, affair...)

If you have uploaded an image, other users have the option of sending the image directly from our Service to Google Image Search using the "Classify Images" function. This way, other users can help us to better recognize fake profiles and unauthorized uploaded images.

ii. Optional Profile Information:

The use of the Service is possible only with the aforementioned information. However, you may also provide additional personal information in your Profile, such as physical characteristics, personal interests or detailed information about your sexual preferences, political opinion or ideological beliefs. If you want to, you can upload your personal photos and videos to your Profile or a secret gallery. The scope of this optional data can be determined by you via the respective input fields in your Profile settings.

iii. Location Data:

When you register with our Service, we use your IP once to determine your approximate location data. You can agree to this localisation when registering or change it if necessary.

iv. Communication Data: Users

If you communicate with other users of our Service, we save your conversation history so that the conversation history with your chat partners can be permanently displayed.

v. Communication Data: Customer Service

When you contact our Customer Service, written communications between you and the service staff and notes on each transaction are stored so that you can always have a smooth customer service experience when the transaction is resumed by other service staff.

vi. Data for Age Verification and Fake Detection:

To perform the age verification (18+ check), we need a video from you. You must be in the video. In addition, your date of birth must be clearly visible on an official identity card. This way, we can verify that you are in fact of age. Alternatively you can do the age verification via Schufa (Germany only).

If you are suspected to be a fake, you must have your profile verified. To do this, you need to upload an image that shows your face. You must also visibly hold a note in your hand stating your user name and the current date.

vii. Social Sign-On:

You can also use the "Login with Facebook" function to create your profile. If you choose this function, you send us your username on the social network at www.facebook.com ("Facebook"), your email address with which you registered on Facebook, as well as your gender, first name and your profile picture.

3. Processing Purposes & Legal Bases

We process your data exclusively for the following defined purposes:
- to allow you and other users to use the Service and to ensure its functionality
- to provide you with additional services that you have purchased
- to keep you up to date with relevant information about our Service and to send you system notifications to the email address you have provided.
- to adapt the provision of the Service to your needs
- to display advertising tailored to your interests (including participation in prize competitions and sweepstakes)
- to continuously improve the service offer and to correct errors
- to detect and prevent fraud attempts
- to ensure the protection of minors
- to enable the exchange with customer service in case of questions
- to check information published on your profile or shared by you through the Service
- to disclose your personal data to third parties if we are legally obliged to do so
- to assert legal claims and to defend against legal disputes
- to ensure IT security and operation of our systems

In doing so, we rely on various legal bases in accordance with the so-called General Data Protection Regulation, a European Union legal framework for the standardisation of data protection law (“GDPR” for short). We refer in detail to the following legal bases:

Your consent

When visiting the website without registration, you agree to the cookie guidelines in the pop-up. If you have given us your consent to process personal data for specific purposes, this consent ensures the legality of the processing. By registering and creating your profile, you expressly agree to its use for the purposes described in detail in this Privacy Policy by ticking the box before sending off the registration form. So, if we process your data, it is because you have expressly allowed us to do so when you registered. Your consent is therefore the most important legal basis for the processing of your personal data by us. If you provide us with information about your sexual orientation or preferences, we will process this data exclusively on the basis of your consent.

Fulfilment of contractual obligations

At the same time, the processing of personal data takes place also for the provision of the Service and in the context of the performance of our contract with you. In many cases, the processing is not only justified by your consent, but also because it is necessary to fulfil our contract with you: In order to fulfil your claim to the services described in more detail in our General Terms and Conditions, it may be necessary, for example, to process your personal data. For example, if you wish to pay for your Vip or Premium membership the processing of your payment information is required for this.

Safeguarding legitimate interests

By registering to use the Service, you consent to the processing of your data in accordance with this Privacy Policy. That is why we process your data in principle, because you have allowed us to do so. However, there are some cases in which we would be entitled to process your data without your consent because it is necessary to protect our legitimate interests (or the interests of third parties). In this respect, the purposes for which we process your data also represent legitimate interests. We pursue legitimate interests, for example, if we check images or texts for content relevant under applicable criminal law or if we take measures to secure our “virtual domiciliary rights” as provider of the Service and in protection of other users. In these cases, we will not ask you in advance whether you agree to this processing, since processing is otherwise permitted by law.

Legal requirements or public interest

In addition, we are legally obliged to provide certain information to criminal prosecution or tax authorities in individual cases upon request.

4. To Whom do we Transmit Your Data?

We treat your personal data with care and confidentiality and will only pass them on to third parties to the extent described below and not beyond.

a. To Other Users:

As our Services is a platform for getting to know each other, it is in the nature of things that we forward your profile data and other data (e.g. messages you write and other communication you conduct with other users and the community) to the corresponding users of the Service at your request and on your behalf.

b. To Group Companies:

We transfer data to our affiliated companies, which form a group with us, within the framework of strict protection requirements. This is the case, for example, when you make a customer service request. We will then forward this request to SmH Servicecenter.de GmbH, a service company associated with us. In addition, our development company, TheNetCircle Network Co Ltd. and its debt collection partners Compay GmbH and Faircollect GmbH and Playamedia S.L.'s Community Management and Marketing receive the necessary information to ensure the security and functionality of the service and payment processing.

c. To Third Parties:

In addition, we transmit data to external service providers that enable us to provide the Service. These include hosting providers, delivery service providers, payment service providers and providers of analytical platforms. We require these service providers to comply with strict rules to ensure the security of your data when processing personal data on our behalf.

Google
Google LLC is a privacy shield certified provider from the USA. Google Analytics is used to analyse the behaviour of users of our services. On the pages where maps are displayed (e.g. to show the location of club profiles) we use Google Maps. We do not use the actual location of the user but a location stored by us. With the help of Google Captcha we determine with certain actions whether the visitor is a human being or a machine. YouTube videos are embedded in our service in "enhanced privacy mode". While no YouTube cookies are set by this particularly data protection-friendly type of embedding, calling up the pages nevertheless leads to a connection with YouTube and the DoubleClick network. A click on the video can trigger further data processing processes over which we no longer have any control.

Typeform
With this survey program (location Spain, adequate data protection level) we enrich our community to carry out interesting evaluations. Among other things, the nickname, gender, payment class and location can be transferred in the profile.

Ongage
With Ongage (location Israel, adequate data protection level) we make sure that we only send you relevant emails. With the program we can define target groups for newsletters. For this purpose we hand over the email address, the nickname, the registration date, the gender, the payment class, the last login time, the chosen language, the search by gender, the interests marked with I like, the age, the sexuality, the information about the newsletter unsubscription and the bounce status, as well as the stored place in the profile.

Sparkpost
Sparkpost (location USA, no adequate data protection level) is a provider for sending emails. For sending we hand over the email address. Sparkpost will delete the mail immediately after it has been sent.

Orbitsoft
With Orbitsoft (location Russia, no adequate data protection level) we can place targeted advertising. The software distributes the advertising banners according to target group. The target groups can be divided into location, gender, search gender, payment type, number of logins, age, preferences and the 18+ check status. Orbitsoft Opt-Out

Kayako
Kayako (UK site, adequate level of data protection) is our system for dealing with customer issues. For each request the email address, your preview profile picture and the username will be transferred.

Twilio
We use Twilio (location USA, Privacy-Shield certified) for our free SMS service. If this function is used, the recipient telephone number and the SMS text are transferred.

Amazon S3
This storage service (processing in the USA and Europe, Privacy-Shield certified) is used by us to store and deliver videos and images.

Compay
Our subsidiary (location Germany, adequate level of data protection) is our debt collection partner. When you purchase a membership or points, your billing information is sent directly to Compay. Here you can see what data is involved.

Vendo
Vendo (location Switzerland, adequate level of data protection) is our payment provider for payments from abroad. When purchasing a membership or points outside of Germany, Austria or Switzerland, the user ID is forwarded directly to Vendo.

Paysafecard.com
Paysafecard.com (branch of Prepaid Services Company Limited located in Germany, adequate level of data protection) is a payment provider for anonymous payment. With a Paysafecard you can buy a membership or points. When you choose to purchase Paysafecard, your user ID will be forwarded to Paysafecard.com and your email address will be forwarded to our own payment provider Compay.

Popcorn Shop
Our shop works together with a dropshipper. This is the Zugeschnürt-Shop from Berlin, Germany (adequate data protection level). When purchasing an item, the invoice data will be transmitted, i.e. the order number, name, telephone number, email address, company and address, should these have been stated at the time of purchase. Also the product data (such as price, size, quantity and article number), the payment method and the shipping options.

BS Payone
In the Popcorn shop it is possible to pay with Paypal. This is done via the payment provider BS Payone (location in Germany, adequate level of data protection). When purchasing, we only transmit the user ID to BS Payone.br/>
Virtual Business Support
In order to activate our images even faster, we work together with Virtual Business Support (based in the Philippines, no adequate data protection level) where new images are classified by qualified personnel.

Affiliate Systems
We use the following affiliate systems to win new customers for our community. We measure success on the basis of registrations and sales. We use: Adcell, Adwords together with the Google Tag Manager and Hasoffers.

Public authorities
We transmit data to authorities in the event of a legal obligation based on a request for information from the respective authority.

5. Processing of Payment Data

When purchasing on our Service, we transfer different details for each payment method to our debt collection partners. Our partners are Compay GmbH, Vendo Services GmbH, Paysafecard.com Services and BS PAYONE GmbH. You can find out which data this is for each desired payment method here.

6. Information on Behavioural Advertising

The term "behavioural advertising" refers to the use of tracking measures to determine the potential interest of users in advertisements and to display them according to their interests. For this we use the following features: Gender, membership type, 18+ check status, preferences, interest in a membership, number of logins and what gender a member is looking for. Members with a Premium and VIP membership have the possibility to switch off the advertising.

7. Transmission to Countries Outside the EU or the EEA

All servers of the Service are located in the EEA, hence initially your data does not leave the EEA technically, but the technical provision and processing of the data for the operation of the service takes place in the European Union.

However, when you submit data to us, it will be legally transferred to a country outside the EEA, as we have our registered office in the People's Republic of China. In addition, our development company is also based in China, from where it has technical access to the servers in the European Union. According to the GDPR, China is a so-called "third country" in which an adequate level of data protection cannot be guaranteed in principle; there is no corresponding decision on adequacy and there are also no specific guarantees to compensate for this deficit. This means that we may have to transmit data to government agencies there under less stringent conditions than is the case within the EEA. The legal hurdles to the protection of personal data in China are thus generally regarded as lower from a European point of view, as would also be the case for processing in Australia, Russia or India, for example. Due to the use of external service providers, some data is also transferred to other so-called "third countries". You can see exactly what these are and whether there is an adequate level of data protection under point 4c.

8. How Long Will My Data Be Stored?

We process and store your personal data as long as it is necessary for the fulfilment of our contractual or legal obligations. Therefore, we store the data as long as our contractual relationship with you exists and also after termination, as far as the laws of the Federal Republic of Germany and the People's Republic of China require this. If the data are no longer necessary for the fulfilment of such obligations, they will be regularly deleted, unless their further processing is necessary for the protection of legitimate interests or for the preservation of evidence within the framework of statute of limitations. In this sense, age verification and fake suspect photos and videos are stored expressly for the entire duration of the contract, since we use this data in particular to continuously guarantee the protection of minors and the prevention of fraud attempts.

The data collected under 2.a will be stored for 180 days. This storage period serves our protection against attacks on the systems of our service, e.g. through so-called Distributed Denial of Service attacks, in which a large number of accesses to our service are intended to overload the systems in order to interrupt the provision of our service.

9. Information on The Voluntary Nature of the Information

You are not required by law to provide us with the above information. In principle, the contractual relationship that you have entered into with us by agreeing to our General Terms and Conditions does not give rise to any obligation to provide this personal data. However, the transmission of mandatory information is a basic prerequisite for concluding a contract with us. Furthermore, you cannot use the Service or only to a limited extent if you do not provide us with certain data or contradict their use. This is because the Service is essentially only "brought to life" by the content posted by the users.

10. Information About Your Rights

You can assert the following rights:

Your right to access to information under Article 15 GDPR, 
Your right to rectification under Article 16 GDPR, 
Your right to erasure under Article 17 GDPR, 
Your right to restriction of processing under Article 18 GDPR and 
Your right to data portability under Article 20 GDPR. 

If you have any questions in this regard, please contact our customer service at: [email protected]

You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent issued to us prior to the validity of the GDPR, i.e. before 25 May 2018. However, this revocation will then only be effective for the future. Processing that took place before the revocation is not affected by this.

In addition, you have a right of appeal to the competent data protection supervisory authority. As we are not established in the EU, this is the supervisory authority of the representative named under point 1, or the supervisory authority responsible for your place of residence.

11.Information About Your Right of Objection

a. Right of Objection on a Case-By-Case Basis

In addition to the rights already mentioned, you have the right to object at any time for reasons arising from your particular situation to the processing of personal data concerning you, which is based on Article 6 para. 1e GDPR (data processing in the public interest) and Article 6 para. 1f GDPR (data processing on the basis of a balance of interests). If you file an objection, we will no longer process your personal data, unless we can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

b. Right to Object to the Processing of Data for Advertising Purposes

You also have the right to object at any time to the processing of personal data concerning you for the purpose of direct marketing. If you object, we will no longer process your personal data. Please also note the information in Section 9 of this Privacy Policy: If we terminate the processing due to your objection, it may be that the service can no longer or only to a limited extent be made available to you.

The objection can be made informally and should be addressed to: [email protected] if possible.


Cookie Settings

Here you can choose which cookies do you want to accept: Settings