For the WalletMe project, the interests of the users are a priority. On this basis, we make all our decisions, especially when collecting and processing your personal data. When it comes to the topic of data protection, we always want to give you, as a WalletMe user, the feeling of security and thus maintain your trust in us. Therefore, we strive to present this privacy policy as understandable and transparent as possible. In this privacy policy, the official terms of the General Data Protection Regulation (DSGVO) are generally used. The official definitions are explained in Art. 4 DSGVO. To protect the confidentiality of your personal data, we apply, in compliance with the legal provisions, the following principles.

§1 Legal basis for our services and basic information on the use and disclosure of data
1.1 The information in this privacy policy serves to clarify the purpose, scope and nature of the processing of your personal data within our entire online offering and all associated platforms and devices, including their functions and content. 
1.2 The legal basis for consent, forwarding and processing of data is Art. 6 para. 1 lit. a. and Art. 7 of the Basic Data Protection Regulation (DSGVO).

§2 Your data
2.1 Registration and access to the WalletMe Services The following data is required when setting up the account for the WalletMe Services and is therefore part of the contract: first and last name, telephone number, email address, registration address and password. You acknowledge that by creating an Account, you allow the WalletMe App to use the provided data in accordance with the Terms of Service. 
2.2 User Account Data In addition to the required basic data, you may also provide during registration: Gender, Region, City, Date of Birth, Phone Number, P.O. Box Address and a User Account Photo. You can manage the information and personalize settings under "My Account" in the WalletMe app. This additional information is used to provide you with personalized services such as viewing profiles, updates and content in your native language, and recommendations for stores near your home or place of business that may interest you. We also collect content that you create, upload or receive from other users when you use our product, including emails, photos, documents, etc. You have the ability to change your information, delete content, and close the account. However, closing the account does not mean that it will be deleted and also all personal data collected about that user. As a registered user, you must exercise your right of withdrawal. To withdraw this consent, contact us via support or other means.
2.3 WalletMe ID and Password You are responsible for the integrity of the WalletMe identification number (WalletMe ID) and your WalletMe password that you use to access our Services and Services. You must notify us in a timely manner if you suspect any unauthorized use of your WalletMe ID and password by a third party.
2.4 Information About Your Location When you use the WalletMe app, we collect information about your location so that features such as discounts at nearby cafes or stores are available to you. We determine your location using the appropriate capabilities of your device. The transmission data about your location depends in part on the settings of your device and account. For example, you can turn on or off the location feature on your smartphone or tablet. 

2.5 Duration of storage of personal data The duration of storage of personal data is measured by the relevant statutory retention periods (e.g. from commercial law and tax law). After expiry of the respective period, the corresponding data is routinely deleted. Insofar as data is required for the fulfillment or initiation of a contract or if there is a legitimate interest on our part to continue storing the data, the data will only be deleted when it is no longer required for these purposes or you have exercised your right of revocation or objection.

§3 Use of the WalletMe Services
3.1 Data collection We consider it necessary to inform you that there is interaction of the WalletMe app with external services for cashless payments. In this case, we transfer further processing to external services that may have access to your payment data. The WalletMe service itself does not collect bank data, credit card data and the like from users.
3.2 WalletMe Services When you access our websites, it is technically necessary for data to be transmitted to our web server via your internet browser. The following data is recorded during an ongoing connection for communication between your Internet browser and our web server: Browser and device types and settings, operating system, mobile network (including operator name and phone number) and app version number. We also record information about the interaction of your apps, browsers, and devices with our WalletMe Services, including IP address, incident reports, information about actions performed in the system, date and time of your visit to our resource, and the URL from which you accessed it (redirect URL). This information is also used to perform necessary functions such as automatic updates and the like. This allows us to save your settings and other data so that you do not have to enter them again the next time you log in. If you have logged in, we collect and store information in the account, which we process as personal data. Even if you have not logged into your account, you have the ability to manage the information using your device and browser, such as preferred settings. The legal basis for the temporary storage of the data or the log files is Art. 6 (1) lit. f DSGVO.
3.3 Support When contacting support, WalletMe collects your information from the request form or your email, including the first and last name, title, postal address provided by you there, for the purpose of processing the request and in case of follow-up questions, these are stored by us. The specification of an e-mail address is mandatory for contacting us, the specification of your name and telephone number is voluntary. Under no circumstances will we pass on this data without your consent. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6 (1) lit. f DSGVO and, if applicable, Art. 6 (1) lit. b DSGVO, if your request is aimed at concluding a contract. Your data will be deleted after final processing of your request, provided that there are no legal obligations to retain data. You can object to the processing of your personal data at any time in the case of Art. 6 (1) lit. f DSGVO.

§4 Transfer of data to third parties
4.1 Data transfer and recipients Your personal data will not be transferred to third parties unless
- if we have explicitly indicated this in the description of the respective data processing.
- if you have given your express consent to this in accordance with Art. 6 Para. 1 Sentence 1 lit. a DSGVO,
- the disclosure is necessary for the assertion, exercise or defense of legal claims pursuant to Art. 6 para. 1 p. 1 lit. f DSGVO and there is no reason
legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
- in the event that a legal obligation exists for the disclosure pursuant to Art. 6 (1) sentence 1 lit. c DSGVO, and
- as far as this is necessary for the handling of contractual relationships with you according to Art. 6 para. 1 p. 1 lit. b DSGVO.
We also use external service providers for the processing of our services, which we have carefully selected and commissioned in writing. They are bound by our instructions and are regularly monitored by us. With whom we have, if necessary, concluded order processing contracts in accordance with Art. 28 DSGVO. These are service providers for web hosting, sending emails and maintenance and care of our IT systems, etc. The service providers will not share this data with third parties.
4.2 What we share your data for In order to analyze trends in the use of our service, we may share your personal data with others such as customers (WalletMe CRM system owners), external support services and partners who ensure that our services are stable, various social media networks (for authorization purposes), developers and rights holders. In this case, the information shared serves statistical purposes and is shared in aggregate. Also in order to ensure that we can provide you with our services, we transfer your personal data to partner companies. This is necessary so that you can receive discounts and access to products from these companies. Any company that is registered in our system to participate in loyalty programs will have access to your data published in your profile.
4.3 External links Social networks (Facebook, Twitter, Xing, etc.) are included on our website only as links to the corresponding services. After clicking on the embedded text/image link, you will be redirected to the page of the respective provider. User information will only be transferred to the respective provider after the forwarding. For information on the handling of your personal data when using these websites, please refer to the respective data protection provisions of the providers you use.

§5 Deployment and use of analytics & other services
5.1 Google Analytics Our website uses Google Analytics, an internet analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses so-called "cookies". Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, and compiling reports on website activity. Google will also use this information to provide the website operator with other services related to the use of the website and the Internet. The IP address sent by your browser as part of Google Analytics is not combined with other data from Google. The processing is carried out in accordance with Art. 6 (1) lit. f DSGVO on the basis of our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes. We use Google Analytics only with IP anonymization enabled. This means that your IP address is only processed by Google in a shortened form. We have concluded an order processing agreement with the service provider, in which we oblige it to protect our customers' data and not to pass it on to third parties. Since a transfer of personal data to the USA takes place, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2) lit. c DSGVO. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the USA. The terms of use of Google Analytics and information on data protection can be accessed via the following links: http://www.google.com/analytics/terms/de.html   https://www.google.de/intl/de/policies/ The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Deletion of user-level and event-level data associated with cookies, user identifiers (e.g., User ID), and advertising IDs (e.g., DoubleClick cookies, Android advertising ID, IDFA [Apple identifier for advertisers]) occurs no later than 14 months after their collection. You can prevent cookies from being stored by adjusting the settings of your browser software accordingly. However, we would like to point out that in this case you may not be able to use all functions of this website without restrictions. You can also prevent Google from collecting the data generated by the cookie and from analyzing your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plugin available at https://tools.google.com/dlpage/gaoptout?hl=de. 
5.2 Google Maps Our homepage uses the online map service provider Google Maps via an interface. The provider of the map service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. To use the functionalities of Google Maps, it is necessary to store your IP address. The legal basis for the processing of your personal data is your consent granted for this purpose in accordance with Art. 6 (1) p. 1 lit. a DSGVO. By using the service, personal data is transferred to the USA. The legal basis for the transfer of your personal data to the USA is your consent granted in accordance with Art. 49 (1) p. 1 lit. a DSGVO. Please note that for such transfers of personal data without the existence of an adequacy decision and without appropriate safeguards, there is a risk for you. The risk is that, due to legislation in the USA, American authorities (in particular the intelligence services) may access the personal data. Legal protection options or information on the handling of your data with the US authorities are only possible to a very limited extent or not at all. Accordingly, a level of data protection in accordance with the requirements of the GDPR cannot be guaranteed. You can find further information on the handling of user data in Google's privacy policy: https://www.google.de/intl/de/policies/privacy/  Opt-out: https://www.google.com/settings/ads/ 
5.3 Cookies Our website uses cookies, which are stored by the browser on your device and which contain certain settings for the use of the website (e.g. for the current session). Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser. Most of the cookies we use are so-called session cookies, which are automatically deleted after closing the browser. Other cookies remain stored on your terminal device until you delete them or the storage period expires. These cookies enable us to recognize your browser on your next visit. In part, the cookies are used to simplify website processes by storing settings (e.g. providing already selected options). If personal data is also processed by individual cookies implemented by us, the processing is carried out in accordance with Art. 6 (1) lit. b DSGVO either for the performance of the contract or in accordance with Art. 6 (1) lit. f DSGVO to protect our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the site visit. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, as well as activate the automatic deletion of cookies when closing the browser. The cookie settings can be managed under the following links for the respective browsers cases or generally exclude as well as activate the automatic deletion of cookies when closing the browser. The cookie settings can be managed under the following links for the respective browsers. Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen 
Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies 
Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647 
Safari: https://support.apple.com/kb/ph21411?locale=de_DE 
Opera: https://help.opera.com/en/latest/web-preferences/#cookies 
You can also individually manage the cookies of many companies and functions that are used for advertising. To do this, use the appropriate user tools, available at https://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad-choices/   Most browsers also offer a so-called "do-not-track" function, which allows you to indicate that you do not want to be "tracked" by websites. When this feature is enabled, the browser tells ad networks, websites, and applications that you do not want to be tracked for behavioral advertising and the like. For information and instructions on how to edit this feature, depending on your browser provider, see the links below: Google Chrome: https://support.google.com/chrome/answer/2790761?co=GENIE.Platform%3DDesktop&hl=de 
Mozilla Firefox: https://www.mozilla.org/de/firefox/dnt/ 
Internet Explorer: https://support.microsoft.com/de-de/help/17288/windows-internet-explorer-11-use-do-not-track 
Opera: http://help.opera.com/Windows/12.10/de/notrack.html 
Safari: https://support.apple.com/kb/PH21416?locale=de_DE 
Additionally, you can prevent loading of so-called scripts by default. NoScript allows JavaScripts, Java and other plug-ins to run only on trusted domains of your choice. Information and instructions on how to edit this feature are available from your browser vendor (e.g. For Mozilla Firefox at: https://addons.mozilla.org/de/firefox/addon/noscript/). Please note that if you disable cookies, the functionality of this website may be limited.

§6 Messages and notifications from WalletMe
6.1 Push Notifications WalletMe interacts with you by sending you messages and emails, as well as SMS messages. For example, WalletMe may send you notifications related to the availability of the Services and Products, security, and other aspects of the provision. To enable this, the operating system providers must be involved (for Android: "Google Cloud Messaging", for iOS "Apple Push Notification Service"). However, these services do not receive any further personal data. Exclusively on our server, the Push Notification Ident, is merged with your account to personalize the notifications. If you no longer want push notifications and thus no longer agree to further data processing, you must withdraw the authorization for push notifications in under the device settings of the app.

§7 Participants' rights and obligations
7.1 Your rights In the following, you will find information on which data subject rights the applicable data protection law grants you vis-à-vis the controller with regard to the processing of your personal data:
- The right to request information about your personal data processed by us in accordance with Art. 15 DSGVO. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, and the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details.
- the right, in accordance with Art. 16 DSGVO, to demand the immediate correction of incorrect or completion of your personal data stored by us.
- the right, pursuant to Art. 17 DSGVO, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims.
- the right to request the restriction of the processing of your personal data in accordance with Art. 18 DSGVO, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 DSGVO.
- the right, pursuant to Art. 20 DSGVO, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller.
- The right to complain to a supervisory authority in accordance with Art. 77 DSGVO. As a rule, you can contact the supervisory authority of the federal state of our registered office stated above or, if applicable, that of your usual place of residence or workplace for this purpose.
- The right to revoke consent given in accordance with Art. 7 (3) DSGVO: You have the right to revoke consent to the processing of data once given at any time with effect for the future. In the event of revocation, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
7.2 Right to object Insofar as your personal data is processed by us on the basis of legitimate interests pursuant to Art. 6 (1) p. 1 lit. f DSGVO, you have the right to object to the processing of your personal data pursuant to Art. 21 DSGVO, insofar as this is done for reasons arising from your particular situation. Insofar as the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement to specify a particular situation. If you wish to exercise your right of revocation or objection, it is sufficient to send an e-mail to [email protected].
7.3 Your obligations You are obliged to comply with all the terms and conditions of this Privacy Policy and the Terms of Use. Among other things, you must respect all intellectual property rights (for example, trademarks or photographs) that may belong to third parties. As a Participant, you have certain obligations to other Participants. Some of these are governed by relevant laws. You may not upload or otherwise distribute any information that may infringe the rights of other Participants or that may be deemed dangerous, violent, offensive, racist or xenophobic, or otherwise contrary to the purpose and spirit of WalletMe. You are obliged to keep your user account data (e-mail address and password), with which you gain access to the system, secret and not to disclose them to any third party. In the event of failure to comply with the above obligations, WalletMe may unilaterally restrict and/or temporarily or permanently discontinue the operation of the Account.

§8 Important Information
8.1 Reservation of right to make changes We reserve the right to adapt or update this Privacy Policy if necessary, in compliance with the applicable data protection regulations. In this way, we can adapt it to the current legal requirements and take into account changes to our services, e.g. when introducing new services. The most current version applies to your visit.
8.2 Liability and breach notification WalletMe attaches great importance to security and privacy aspects. Nevertheless, you should remember that the Internet is an insecure environment. There are no guarantees that information will not be read, disclosed, altered or destroyed as a result. You are responsible for maintaining the security of your credentials. Emails, instant messages and similar communications with other WalletMe Participants are not encrypted. Therefore, you should not disclose confidential information by these means. To ensure the security of the User's account, you should use a reliable password.
8.3 Minors under the age of 18 are considered minors and are not eligible to participate in WalletMe's marketing plan and receive funds as a reward for recommending our company's services. Users are personally liable for violations of this clause, as well as for misleading the Company regarding their age by providing false information during registration.

In the event of any discrepancy between the German and English versions of this document, the German language shall prevail. 

Status: 01.10.2021