Status January 2025
With the following privacy policy, we would like to inform you about what types of personal data we
process, for what purposes and to what extent. The privacy policy applies to all processing of
personal data carried out by us, both in the context of providing our services and, in particular, on
our websites and external online presences, such as our social media profiles.
1. Responsible body
TFS Group GmbH
Fanshop.app
Theaterstrasse 3
30159 Hanover
Tel: +49(0)171 7761921
E-Mail: info@tfsgroup.gmbh
2. Overview
We operate an online marketplace that brings together creators, influencers, musicians and other
public figures (hereinafter: creators) and followers (hereinafter: buyers) (hereinafter: FANSHOP)
under the domain https://www.fanshop.app and associated sub-sites (hereinafter: fanshop domain)
and with the help of the mobile app FANSHOP (hereinafter: app), which is available for download for
various operating systems.
With the service offered, the user of FANSHOP (hereinafter: user or you) can create a profile
(hereinafter: user profile) free of charge and either post offers for goods, digital goods or services as
a seller or conclude contracts with the seller or us for the delivery of goods or the provision of
services as a buyer. The user has the option of functions such as the chat and many other FANSHOP
functions. FANSHOP also offers fee-based functions.
Registration is possible from the age of 18.
Your data will be collected, processed and used in accordance with the provisions of the German
Telemedia Act (TMG) and data protection law, in particular the German Federal Data Protection Act
(BDSG) and, from May 25, 2018, the General Data Protection Regulation (GDPR).
This privacy policy explains how we handle personal data. Personal data is individual information
about personal or factual circumstances of a specific or identifiable natural person. This includes, for
example, name, birthday, telephone number, but also e-mail address and usage data, such as the IP
address. Furthermore, the data protection declaration serves to provide information about which
data is collected, stored and processed and how we guarantee the protection and security of
personal data.
When registering, the user is obliged to their first and last name, their e-mail address and a
password. For individual parts of FANSHOP it may be necessary for tax and shipping reasons that you
also provide us with your address and nationality. We will inform you separately in these cases.
Creators must also provide their public name / business name and the information required by law.
However, the Creator's information must only be disclosed to us. The personal data will be treated
confidentially in this respect and, in particular, the Creator's address will be anonymized as part of
the mailing process
3. How is my data collected, processed and used when I download the app?
When the app is downloaded, the necessary information is transferred to the respective app store
operator. Depending on the app store, this includes, for example, the email address or customer
number of the app store user of the respective app store, the time of the download and an individual
device identification number. However, we have no influence on this data collection and are not
responsible for its processing. The corresponding data protection declarations/settings of the
respective app store operator apply.
We process the data provided by the respective app store operator insofar as this is necessary for
downloading the app to the end device.
We require various access options and information for the technical functionality of the app and to
provide the services offered with the app. Depending on the operating system, permission to access
individual functions and information may be requested during the installation process. The access
permissions include the location, notifications and mobile data. Some of these permissions can be
revoked manually in the device settings. However, it should be noted that the app can only be used
to a limited extent or not at all without the appropriate permissions. Depending on the app version,
authorizations are requested before or after installation.
4. How is my data collected, processed and used when I visit the FANSHOP domain or the
app without creating a user profile?
We use the personal data that the user provides or that is generated when using FANSHOP without
creating a user profile without separate consent exclusively for the purpose of implementing the user
relationship and for our legitimate interest in accordance with this privacy policy.
When simply visiting the FANSHOP domain (on a so-called landing page/start page) or installing the
app without creating a user profile, we collect the following data transmitted by the user's device or
browser:
• IP address
• Name of the website accessed, file, date and time of the request
• Amount of data transferred
• Browser type and version
• Referrer URL (origin URL) from which the user came to the accessed page
• Requesting provider
In addition, when the app is simply installed without registration or creation of a user profile, the
following data is transmitted by the user's device:
• Push Handle (for sending push messages)
• Location data (GPS location), provided the user has granted the app permission in their device
• Country code
• Language
• Device data, such as manufacturer, device type, advertising ID, operating system and version.
This data is required for the use of the FANSHOP domain or installation of the app and is used for
evaluation for statistical purposes and to optimize FANSHOP. The data is processed and used to
prevent and combat fake profiles, illegal activities and spam as well as to ensure the integrity and
stability of FANSHOP. For this purpose, we store the data collected in full for up to 90 days.
The location data is collected, processed and used so that the user can use the so-called locationbased
service, which offers suggestions tailored to the respective location after registration.
We also use cookies, analysis services and tracking providers.
5. How is my data collected, processed and used once a user profile has been created
and when I use the app or the FANSHOP domain?
We use the personal data that the user provides or that is collected when using FANSHOP after
creating a user profile without separate consent exclusively for the purpose of implementing the user
relationship and for our legitimate interest in accordance with this privacy policy. In order to use
FANSHOP to its full extent, it is necessary for the user to create a user profile. For this purpose, the
user must provide further personal data that we use to provide the respective service.
a. Mandatory information
The following information must be provided when creating a user profile and registering as a seller:
• E-mail address
• password
• First and last name / company
• User name (pseudonym)
• Date of birth (for age verification)
• Phone number (for verification)
• Address
• Payment data
• Tax number / VAT number
Buyers must provide the following information when registering
• E-mail address
• password
• First and last name
• User name (pseudonym)
• Date of birth (for age verification)
• Phone number (for verification)
The data provided is collected, processed and used for the purpose of using FANSHOP. Among other
things, the data is used for addressing, authentication, age verification, personalization of the profile
and in pseudonymous form for advertising purposes. They are also used for payment and shipping
processing. The seller receives the buyer's address data for shipping processing if the shipping is
organized by the seller independently.
We delete this data when you delete your user account. The legal basis for this processing of
personal data is Art. 6 para. 1 lit. b) GDPR or Art. 6 para. 1 lit. f) GDPR.
b. Voluntary information
The user can make a variety of voluntary entries in his user profile and set search filters. This serves
in particular the function of FANSHOP to select recommendations for other user profiles according to
different criteria for the user and to display them within FANSHOP. Additional information increases
the probability of coming into contact with suitable user profiles. This information is voluntary for the
user and can be viewed, entered, changed or deleted in the profile under Details.
The data provided is collected, processed and used by us for the purpose of using FANSHOP. This
voluntary information is visible to other logged-in users within FANSHOP as "public", but can be
deleted or changed by the user profile owner at any time under the settings within the user profile.
In addition, this data can also be processed and used for advertising purposes.
We delete this data when you delete your user account. The legal basis for this processing of
personal data is Art. 6 para. 1 lit. b) GDPR or Art. 6 para. 1 lit. f) GDPR.
c. Location data
FANSHOP's offering also includes location-based services, with which the user is shown special offers
that are tailored to the respective location. In particular, this allows users to be shown other users
who are in their vicinity. In order to be able to offer these functions within the app, FANSHOP collects
location data by means of GPS of the end device used as well as location data via nearby radio access
nodes.
Before the location data is collected for the first time, the user must allow the location data to be
collected. The location data is then processed in accordance with this privacy policy. If the location
survey is active, the location is regularly transmitted to us with permission and processed and used
there.
The user can adjust this function at any time in the settings of the operating system on their end
device, i.e. allow the collection of location data or revoke its use.
The location data is also processed by FANSHOP for advertising purposes, provided the user has not
objected to its use in the app settings.
We store location data in unabridged form for up to 14 days and in abridged form for up to 90 days.
The legal basis for this processing of personal data is Art. 6 para. 1 lit. b) or f ) GDPR.
d. Data that we receive as a result of your use of FANSHOP
The IP addresses and the associated network data (e.g. the country in which the IP is registered) of
the users are recorded for security and verification purposes. This is to prevent misuse of the service.
The data is processed and used to prevent and combat fake profiles, illegal activities and spam as
well as to ensure the integrity and stability of FANSHOP. For this purpose, we store the data collected
in full for up to 90 days, after which it is stored until your profile is deleted. The legal basis for this
processing of personal data is Art. 6 para. 1 f) GDPR. The IP address is also passed on to advertising
partners when advertising is displayed. This forwarding is for technical reasons and cannot be
prevented. When selecting its advertising partners, FANSHOP has taken care to ensure that your
privacy remains protected by contractual and legal provisions.
When using the app or the website, we receive information about the devices used, such as the
manufacturer, operating system and advertising ID. The data is processed and used to prevent and
combat fake profiles, illegal activities and spam as well as to ensure the integrity and stability of
FANSHOP. For this purpose, we store the collected data for up to
90 days in full and delete this data when you delete your user account. The legal basis for this
processing of personal data is Art. 6 para. 1 f) GDPR.
When you use the app or the platform, we receive information about your actions in the app or on
the platform, such as when you search for users using click data, make a match or send messages.
The data provided is stored, processed and used by us for the purpose of using FANSHOP. This serves
in particular the function of FANSHOP to select recommendations for other user profiles according to
different criteria for the user and to display them within FANSHOP. This additional information
increases the probability of coming into contact with suitable user profiles. This data is an important
part of understanding which profiles are likely to be of interest to you and which profiles we should
show you. This data is also stored, processed and used to prevent and combat fake profiles, illegal
activities and spam and to ensure the integrity and stability of FANSHOP. We delete this data when
you delete your user account. The legal basis for this processing of personal data is Art. 6 para. 1 lit.
b) GDPR or Art. 6 para. f) GDPR.
e. Payment data
If the user makes in-app purchases via FANSHOP, this is done via external payment providers. We do
not collect and process any payment data when a purchase is made. The payment data is entered
and processed directly by the payment providers. Technical data (including the transaction ID) is
exchanged between us and the payment providers to validate the purchases. We store this data until
your user account is deleted or beyond
until the data is no longer subject to any tax, commercial or other statutory retention obligations.
The technical service provider for the transmission of payment data to various payment processors
(PSP) is Xolvis GmbH, Im Thal 2, 82377 Penzberg (www.xolvis.com). Stripe is as the payment
processor. The specific terms and conditions and privacy policy are available here:
https://stripe.com/de/privacy
The following payment options are :
For the use of PayPal, all transactions are subject to the PayPal Privacy Policy, available at
https://www.paypal.com/de/webapps/mpp/ua/privacy-full. For transactions via the Apple Store,
Apple's privacy policy applies: https://www.apple.com/legal/privacy/de- ww/, via the
Google Play Store the privacy policy from Google:
https://policies.google.com/privacy?hl=de. The following privacy policy applies to transactions with
Mastercard: https://www.mastercard.de/de-de/datenschutz.html. The following privacy policy
applies to the use of VISA: https://www.visa.de/nutzungsbedingungen/visa-privacy- center.html. The
following privacy policy applies to the use of American Express:
https://www.americanexpress.com/de-de/firma/legal/datenschutz-center/karteninhaberdatenschutz-
persoenlich/. For the use of VOLT Open Banking applies the
following privacy policy: https://www.volt.io/legal/privacy/
The legal basis for this processing of personal data is Art. 6 para. 1 lit. b) GDPR.
6. How is my data used by FANSHOP for advertising purposes?
At FANSHOP, we have decided that every user can use FANSHOP without paying a fee. However, the
user will be shown advertising in the free version. The advertising shown at FANSHOP contains own
advertising content (e.g. about FANSHOP's premium products) or is commissioned by the advertiser
in so-called campaigns. Campaigns can also personalized and therefore only displayed to certain user
groups. Some of the advertising displayed on FANSHOP is provided by external service providers.
a. What data is used for advertising purposes and who receives it?
We may place third-party advertising on FANSHOP, which may also be tailored to the presumed
special interests of users (personalized advertising) or tailored to specific user groups according to
age, location or gender. The user can object to the use of the data with effect for the future at any
time in the profile settings under "Privacy". We and our advertising partners only process data that
the user has made public and is therefore of low sensitivity, as well as device and network data, and
only in pseudonymous form. Under no circumstances do we pass on the name, email address, profile
picture or exact location of the user or similar data that would allow direct conclusions to be drawn
about the exact person of the user to advertising partners. When such personalized advertising is
placed, the respective third-party provider for whom advertising is to be placed on FANSHOP or
through whose services advertising is placed by other third parties receives the following
pseudonymized data (hereinafter: the "transmission data"):
• Advertiser ID
• Age published by the user in his profile
• approximate location published by the user
• Technical data about the end device
• Data on the use of FANSHOP
• Data on the advertisements placed
The Advertiser ID is the so-called "Advertiser Identifier" (IDFA) from Apple or the
"Android Advertiser ID" from Google. These are unique but non-permanent identification numbers
for a specific end device, which are provided by iOS (Apple) or Android (Google). This is identical to
the advertiser ID that is transmitted to other companies when apps are used. The advertiser ID is
anonymous and is not merged with other user data in order to identify the user for advertising
purposes. The user can find more information in the Apple and Google privacy policies already
provided.
The transmission data is forwarded to the following categories of recipients for the purposes listed:
• Operators of advertising networks
• Operators of tracking services
• Affiliate networks
• Operators of customer relationship services
• Other sales & marketing partners
The user can revoke the processing of this data by FANSHOP at any time in the profile settings under
"Privacy" or the device settings with effect for the future. They can delete the IDFA or the advertising
ID at any time in the device settings (for iOS: Privacy - Advertising - Activate the option "No ad
tracking"; for Android: "Settings - Google - Ads - Activate the option "Disable interest-based ads"). A
new identification number is then created which is not merged with the previously collected data.
This allows users to ensure that they are no longer shown advertising based on the data that was
transmitted to our advertising partners before they objected.
All contractual partners have undertaken to us to process the data exclusively in accordance with the
high data protection standards of the European Union and for the purpose of advertising. This means
that all of our advertising partners have undertaken not to identify the user or to remove the
pseudonymity. Some of the recipients are located outside the European Union. We transfer the data
to recipients outside the European Union if the level of data protection in the third country has been
determined to be adequate by the EU Commission or if the recipient has provided suitable
guarantees to ensure an adequate level of protection.
The transmission data is transferred to the following countries:
• USA (EU-US Data Privacy Framework Agreement or EU standard contractual clauses)
• Israel (Adequate level of data protection recognized by the EU Commission)
• India (EU standard contractual clauses)
The EU-US Data Privacy Framework Agreement, the adequacy decision and the EU standard
contractual clauses can be viewed on the EU Commission's website
(https://ec.europa.eu/info/law/law-topic/data-protection_de).
b. Use of location data
In addition to the collection of location data via GPS location to fulfill the location-based service, we
process location data for advertising purposes. FANSHOP never passes on the user's exact location to
advertising partners. In order to adequately protect the user's privacy, the location data is provided
with an inaccuracy of approx. 2 km. In our opinion, it is therefore not possible to identify the user or
to remove the pseudonymization, or only with disproportionate and unlawful means.
c. Legal basis for the use of data and display of personalized advertising
We base the processing and disclosure of the above data on the fulfillment of the contract with the
user (Art. 6 para. 1 lit. b GDPR in conjunction with Section 7.5.5 of our GTC), on his consent (Art. 6
para. 1 lit. a GDPR) and our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.
We offer our service in such a way that parts of FANSHOP free of charge. To enable users to use
FANSHOP free of charge, we display advertising and use personal data for this purpose in accordance
with the above provisions. The prerequisite for the transfer of the above data to the recipients is
always that contractual, legal, technical and organizational measures ensure that the data is used
exclusively in a manner that complies with data protection law. When using the free version of the
app, the user to the transfer of their data to the above categories of recipients. When selecting the
data, we have limited ourselves to data that is not highly sensitive for individual users even if it
becomes known, whether a breach of the law or hacking attacks on our advertising partners. We
therefore only pass on the data in pseudonymized form, i.e. it only possible to identify individual
users with great technical effort and by breaking the law. We only pass on data that has been
voluntarily made public by the user on FANSHOP and is therefore recognizably of low sensitivity for
the user and device and connection data that is not sensitive by its very nature.
d. Forwarding the e-mail address to advertising partners only with express consent
In addition, with the express consent of the user, we have the right to transmit the user's e-mail
address to third parties for advertising purposes by e-mail and for advertising products comparable
to FANSHOP.
We base the processing and disclosure of the above data on the fulfillment of the contract with the
user (Art. 6 para. 1 lit. b GDPR in conjunction with Section 7.5.5 of our GTC), on his consent (Art. 6
para. 1 lit. a GDPR) and our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.
The data protection declarations of the respective recipients, which are disclosed to the user as part
of the consent, also apply. The user has the right to revoke their consent to the forwarding of the email
address at any time.
7. Which cookies, tracking providers and analysis services do we use?
a. Cookies
We use cookies for the operation of our website to ensure the technical functionality of our website,
to understand how visitors use our website and to default settings that a user has made in their
browser. We also use them to control our advertising measures.
A cookie is a small text file that is stored on the user's end device when the user's browser accesses
our website. If the user visits our website again later, we can read these cookies again. Cookies are
stored for different lengths of time. The user has the option of setting their browser accept cookies
at any time, but this may result in our website no longer functioning properly. Furthermore, the user
can delete cookies independently at any time. If the user does not do this, we can specify how long a
cookie should be stored on the user's computer when it is saved. A distinction must be made here
between so-called session cookies and persistent cookies. Session cookies are deleted by the user's
browser when they leave our website or close the browser. Persistent cookies are stored for the
duration specified by us when they are saved.
We use cookies for the following purposes:
• Technically necessary cookies that are absolutely essential for the use of the functions of our website
(e.g. recognizing whether the user has logged in). Without these cookies, certain functions could not be
provided.
• Functional cookies, which are used to technically perform certain functions that the user wants to use.
• Analysis cookies, which are used to analyze user behavior.
• Third-party cookies that we use for advertising purposes.
Most browsers that our users use allow them to set which cookies are to be stored and make it
possible to delete (certain) cookies again. If you restrict the storage of cookies to certain websites or
do not allow cookies from third-party websites, this may mean that our website no longer be used to
its full extent. Here you will find information on how to adjust the cookie settings for the most
common browsers:
• Google Chrome
• Internet Explorer
• Firefox
• Safari
b. Tracking providers, analysis services and security services
In order optimize our services and offer them in the best possible way, we carry out analyses of
visitor behavior. For this purpose, we use analysis methods with which visitors to the FANSHOP
domain or app can be analyzed. We also third-party tracking tools to analyze the reach of various
advertising campaigns and marketing activities. Personal data may also be transmitted when thirdparty
tools are used. In addition to troubleshooting, the purpose of data processing is primarily to
optimize FANSHOP with regard to the needs of users. We also receive key figures about the number
of visitors via the web analysis process and
their distribution over time, popular content and the length of time users spend on the site. It may
be possible to determine whether a user profile was created as a result of an advertising measure.
The data is processed and used to prevent and combat fake profiles, illegal activities and spam and to
ensure the security of FANSHOP. User data is transmitted to various third-party providers to carry
out the analysis. We currently use the following analysis and tracking providers:
• TelemetryDeck
FANSHOP uses the app usage analysis tool "TelemetryDeck", a product of the company
TelemetryDeck GmbH, Von-der-Tann-Straße 54, 86159 Augsburg, Germany. When the user installs
the FANSHOP app, TelemetryDeck stores installation and event data from the iOS or Android app.
This allows us to understand how our users interact with the FANSHOP app. It also allows us to
analyze and improve our mobile advertising campaigns. For this analysis, TelemetryDeck uses the
IDFA or advertiser ID, as well as the anonymized IP and MAC address of the user. The data is
anonymized on one side, i.e. it is not possible to identify the user or their mobile device.
• Google Analytics
We use Google Analytics, a service of Google LLC ("Google"), Amphitheatre Parkway, Mountain View,
CA 94043, USA, as part of order processing via the Google Tag Manager. Google uses a so-called
"cookie" as a processor for this purpose. This is a small text file that is stored on the user's computer
by the user's browser. By means of this cookie, Google receives information about which website
was accessed by the user and, in particular, the following information: browser type/version,
operating system used, technical information about the operating system and the browser as well as
the public IP address of the computer used by the user. We use Google Analytics in such a way that
the IP address is only used in anonymized form. This anonymization takes place in the European
Union or a member state of the EEA, according to Google. Only in exceptional cases will the full IP
address be transmitted to a Google server in the USA and only shortened there. According to Google,
anonymization takes place before the IP address is stored on a permanent data carrier for the first
time. For details, please refer to the privacy policy from
Google, available at
https://support.google.com/analytics/answer/6004245?hl=de.
Google Analytics allows us to compile non-personal usage statistics for our website as well as
demographic data about visitors and their user behavior. Furthermore, statistics are compiled that
help us to better understand how our website is found in order to improve our search engine
optimization and our advertising measures. With this processing, we pursue the legitimate interest of
being able to improve our website and our advertising measures. The legal basis for processing is Art.
6 para. 1 f) GDPR.
The user can find information on how to object to the use of Google Analytics at
https://tools.google.com/dlpage/gaoptout?hl=de. As an alternative to the browser add-on or within
browsers on mobile devices, the user can also click on the following link
https://www.idates.com/disable-google-tag-manager to prevent the collection by Google Analytics
within this website in the future (the opt-out only works in this browser and only for this domain). An
opt-out cookie is stored on the user's device. If they delete their cookies in this browser, they must
click this link again.
Google is a member of the Privacy Shield Agreement and has concluded a data processing agreement
with us for Google Analytics. The pseudonymous data is deleted after 26 months.
• Shake
We use the Shake service (Shake Ltd., Radnicka 47, Zagreb, Croatia) to improve the technical stability
of our service by monitoring system stability and detecting code errors. Shake only serves these
purposes and does not analyze data for advertising purposes. User data, such as information on the
device or time of error, is collected anonymously and is not used for personal purposes and is
subsequently deleted. Users can find further information on this in Shake's privacy policy:
https://www.shakebugs.com/privacy/
Which plugins and tools are integrated?
● Sumsub
As part of the registration process, the Creator's data is verified by the company Sumsub GmbH,
Scharnhorststraße 8b, 10115 Berlin (www.sumsub.com) on our behalf in order to compare the
Creator's existing tax ID with the personal data provided by the Creator. Sumsub's privacy policy is
available at https://sumsub.com/privacy- notice-service/.
● Google Maps
We use the "Google Maps API" of the company Google Inc. (Google) for the visual display of map
material. When Google Maps is used, Google also collects, processes and uses data about the use of
the Maps functions by users.
The use of Google Maps serves to display location information and therefore constitutes a legitimate
interest within the meaning of Art. 6 para. 1 sentence 1 lit. f) GDPR.
Further information on Google's privacy policy can be found at:
https://www.google.com/intl/de/policies/privacy/.
● YouTube
We use plugins from the YouTube site operated by Google. The operator of the pages is YouTube,
LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you visit one of our pages equipped with a
YouTube plugin, a connection to the YouTube servers is established. The YouTube server is informed
which of our pages you have visited. If you are logged into your YouTube account, you enable
YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by
logging out of your YouTube account.
The use of YouTube videos serves to better visualize our offer and therefore represents a legitimate
interest within the meaning of Art. 6 para. 1 sentence 1 lit. f) GDPR.
8. How are social media and like buttons integrated?
The FANSHOP domain contains links to our accounts on the social networks Instagram, Tik-Tok,
Twitter, YouTube, Pinterest, Facebook and Google+. After clicking on the embedded graphic, the user
is redirected to the page of the respective provider of Instagram, YouTube, Pinterest, Twitter,
Facebook or Google+, i.e. only then is user information transferred to the respective provider. The
legal basis for data processing is then the consent of the user in accordance with Art. 6 para. 1 lit. a)
GDPR.
If the user is logged into their user profile in the corresponding social network, an association with
the visit to FANSHOP takes place after activation of the button. If the user does not wish data about
the FANSHOP domain to be collected by the social networks, they should log out of these networks
before visiting the FANSHOP domain. However, if the corresponding button is activated by clicking on
it, cookie(s) with an identifier will still be set each time FANSHOP is accessed. This function may
therefore be used to collect data and create a profile that can be traced back to an individual person.
If the user does not wish this to happen, they can deactivate the corresponding link within the
FANSHOP domain by clicking on it. The user can also set his browser so that the acceptance of
cookies is generally excluded; however, we would like to point out that in this case the functionality
of FANSHOP may be restricted.
Information on the handling of personal data when using these websites can be found in the
respective privacy policies of the providers.
The privacy policy of Facebook (operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA
94304, USA) can be found at https://de-de.facebook.com/about/privacy/.
The privacy policy of Twitter (operated by Twitter Inc., 795 Flom St., Suite 600, San Francisco, CA
94107, USA) can be found athttps://twitter.com/privacy.
• TikTok
The privacy policy of TikTok (operated by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin,
D02 T380, Ireland) can be found at https://www.tiktok.com/legal/privacy-policy?lang=de.
The privacy policy of Instagram (operated by Facebook Inc., 1601 S. California Ave, Palo
Alto, CA 94304, USA) can
be found athttps://www.instagram.com orhttps://help.instagram.com/155833707900388.
• Google+ / YouTube
The data protection provisions of Google / YouTube (each operated by Google Inc., 1600
Amphitheatre Parkway, Mountain View, CA 94043, USA) can
be found at https://www.google.de/intl/de/policies/privacy/.
The privacy policy of Pinterest (operated by Pinterest Inc., 808 Brannan Street, San Francisco, CA
94103, USA) can be found at https://about.pinterest.com/de/privacy-policy.
Furthermore, social plugins of the social networks Facebook (operated by Facebook Inc., 1601 S.
California Ave, Palo Alto, CA 94304, USA) and Twitter (operated by Twitter Inc., 795 Folsom Street,
Suite 600, San Francisco, CA 94107, USA) are initially inactively integrated on the FANSHOP domain.
By clicking on "Like us on Facebook" or "Follow us on Twitter", the respective social plugin of
Facebook or Twitter is activated and only then is user information transmitted to the provider of
Facebook or Twitter. With a further click, the user can then like or follow our account and will be
informed by the service about activities on our account on Facebook or Twitter. We have no
influence on the collection, processing and use of data by the respective networks.
The legal basis for data processing is then the consent of the user pursuant to Art. 6 para. 1 lit.
a) GDPR.
If the user does not want social networks to collect data about the FANSHOP domain, the above
applies accordingly.
9. Sign in with Apple ID or Google
We offer the user the option of registering for FANSHOP with Apple ID or Google. To register, the
user is redirected to Apple or Google page, where he or she logs in with his or her user data, unless
he or she is already logged in. By clicking on the user, the respective Apple or Google profile and the
user profile at FANSHOP are then linked. As a result of the link, we automatically receive the user's
data from Apple or Google in the form of the e-mail address and other data within the user's public
Apple or Google profile. The public Apple or Google profile contains data that the user has made
accessible to the public on Apple or Google.
We use the data transmitted by Apple and Google for the user profile. Further information on Apple
ID and logging in with Google as well as privacy settings can be found in the data protection notices
and terms of use of Facebook and Google.
The legal basis for data processing is then the consent of the user pursuant to Art. 6 para. 1 lit.
a) GDPR, which is granted with the use of the corresponding service.
10. How is data disclosed and passed on?
We do not pass on users' personal data to third parties unless we have the user's consent or the
transfer is required or permitted by law.
a. General information
We may pass on user data to external service providers and representatives as well as affiliated
companies for contract data processing, which we may commission with the processing of user data.
The legal basis for this is Art. 28 GDPR.
We may also pass on user data to affiliated companies as the responsible body within the group of
companies for internal administrative purposes. The legal basis for this is Art. 6 para. 1 lit. f GDPR.
We may also use user data in the event of changes to our business structure (e.g. mergers,
acquisitions, insolvency proceedings, dissolution, restructuring, sale of some or all of our assets,
financing or similar transactions and preparatory actions) or as required by law (to comply with
regulations, regulatory requirements, in response to lawful requests, court orders and legal process),
to enforce our rights (to prevent fraud and ensure security and defense of property).
In addition, we may use data adjusted for personal characteristics for any purpose (e.g. to partners,
business purposes, analyses) and pass it on in pseudonymized form to advertising partners and
analysis and tracking services.
b. Categories of data recipients
We only pass on users' personal data to third parties if this is necessary to fulfill our own business
purposes (i.e. in particular to provide the services owed by us to the user), if the user has given their
consent for this, if it is covered by our legitimate interest or if we are obliged to do so by law or due
to a court or official order.
We work together with external service providers in the context of data processing. As a rule, this is
done on the basis of so-called order processing, in which we remain responsible for data processing.
We check each of these service providers in advance for the data protection and data security
measures they have taken and thus ensure that the contractual regulations for the protection of
personal data provided for by law are complied with.
The following categories of recipients currently receive personal data from us:
• Government agencies and courts
• Technical service providers
• Hosting service provider
• E-mail dispatch service provider
• Email marketing service provider
• Services for the provision of customer support
• Advertising and sales partners
• Cooperation partner
• Other platform providers in the context of so-called "social plugins"
• Analysis and tracking services
• Affiliated companies
Depending on the nature of the services provided, we may also use affiliated companies as data
processors for the provision of some or all of the services offered to the customer.
c. Third countries
Data transferred to third countries, but only in compliance with the statutory conditions of
admissibility. Data is transferred to the following countries in accordance with the respective legal
requirements:
• USA (EU-US Data Privacy Framework Agreement or EU standard contractual clauses)
• Israel (Adequate level of data protection recognized by the EU Commission)
• India (EU standard contractual clauses)
The EU-US Data Privacy Framework Agreement, the adequacy decision and the EU standard
contractual clauses can be viewed on the EU Commission's website
(https://ec.europa.eu/info/law/law-topic/data-protection_en).
11. How is data processed and used to prevent and combat fake profiles, illegal activities and
spam and to ensure the integrity and stability of FANSHOP?
To combat fake profiles, illegal activities (fraud, blackmail, prostitution, etc.), SPAM (third-party
advertising) and to ensure the integrity and stability of FANSHOP, personal data is used as follows:
• IP and e-mail addresses are stored to detect spam and illegal activities as long as the user is active.
• Messages are automatically checked for keywords, but are not stored for this purpose.
• Personal data such as gender, age and location are stored for active users and used in combination with
other, non-personal data to detect anomalies.
• To verify suspicious profiles via SMS, telephone numbers that have already been used are saved, but
cannot be linked to the verified user.
CloudFlare
We use the technology of CloudFlare Inc, Inc 665 3rd St. 200, San Francisco, CA 94107, USA to
protect FANSHOP and to increase the security and stability of FANSHOP. For this purpose, CloudFlare
and FANSHOP set cookies and process and analyze other device and network data to distinguish
legitimate FANSHOP users from hackers, SPAM and the like. CloudFlare processes the data
exclusively on our behalf and not for its own purposes. Further information on data protection at
CloudFlare can be found at the following link: https://www.cloudflare.com/security-policy.
Legal basis
We base the aforementioned data processing on Art. 6 para. 1 lit. f GDPR. We have a legitimate
interest in keeping our platform stable and free of spam, legal violations and fake profiles.
12. How does data deletion and the creation of backups work?
With the deletion of the user profile (note: not by deleting the app!) or corresponding notification to
us, all collected data of the user will be deleted or anonymized. In addition, the user can delete
individual data in the profile themselves at any time or request this from us via a corresponding
notification.
Data that must be retained due to legal regulations, for contract processing or for contract fulfillment
with other users is excluded from deletion. In the event of deletion, we therefore do not delete the
following data in particular immediately, but only after a period has expired:
• Payment data and premium redemption data that we must store for tax law reasons. (After the expiry
of the statutory retention periods)
• Data that the user has shared with other users in chats, such as messages or images (see below.)
When do we delete data that a user has shared with other users?
We delete data that publicly accessible in the user profile, e.g. profile pictures, pictures in the stream
and profile data, as soon as possible in accordance with the above standards.
We cannot simply delete data that a user has shared non-publicly with other users on FANSHOP
without interfering with the rights of other users. For this reason, chat content is only deleted once
both users have deleted themselves.
When will the deletion take place?
Deletion from the databases and thus from the FANSHOP user interface takes place immediately;
however, it may take up to 14 days before deletion from all server layers, cache memories and
backup databases of FANSHOP takes place.
If deletion is not possible, the data will be anonymized or blocked.
We reserve the right to check profile files before deletion and, if necessary, to secure them if there
a suspicion that the user profiles being used in violation of the law or the contract. This serves to
protect the users of our services.
Irrespective of the deletion of data triggered by profile deletion by the user, we automatically delete
historical data that is no longer required for contract fulfillment (e.g. historical location data and IP
data) at regular intervals.
We create so-called backups to secure the databases, which are overwritten after 14 days and thus
permanently deleted. If these data backups contain log files, these are also deleted. If a user profile is
completely deleted, the log files are also deleted.
13. What data security measures do we have in place?
We use the widespread SSL (Secure Socket Layer) method in conjunction with the highest level of
encryption supported by your browser when you visit our website. As a rule, this is 256-bit
encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology
instead. The user can recognize whether an individual page of our website is transmitted in
encrypted form by the closed display of the key or lock symbol in the lower status bar of their
browser.
We also use suitable technical and organizational security measures to protect the user's data against
accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access
by third parties. Our security measures are continuously improved in line with technological
developments.
14. Newsletter
We only send newsletters, emails and other electronic notifications (hereinafter "newsletter") with
the consent of the recipient or with legal permission. If the contents of the newsletter are specifically
described when registering for the newsletter, they are decisive for the user's consent. Otherwise,
our newsletters contain information about our services and us.
To subscribe to our newsletters, it is generally sufficient for the user to provide their e-mail address.
However, we may ask the user to provide a name in order to address them personally in the
newsletter, or to provide further information if this is necessary for the purposes of the newsletter.
Registration for our newsletter is always carried out in a so-called double opt-in procedure. This
means that after registering, the user receives an email asking them to confirm their registration.
Subscriptions to the newsletter are logged in order to be able to prove the registration process in
accordance with legal requirements. This includes storing the time of registration and confirmation
as well as the IP address. Changes to the user's data stored by the mailing service provider are also
logged.
We may store the unsubscribed e-mail addresses for up to three years on the basis of our legitimate
interests before deleting them in order to be able to prove that consent was originally given. The
processing of this data is limited to the purpose of a possible defense against claims. A request for
erasure is possible at any time. In the event of obligations to permanently observe objections, we
reserve the right to store the e-mail address in a blacklist for this purpose alone.
The registration process is logged on the basis of our legitimate interests for the purpose of verifying
that it has been carried out correctly. The newsletter is sent on the basis of the consent of the
recipients or, if consent is not required, on the basis of our legitimate interests in direct marketing, if
and to the extent that this is permitted by law,
e.g. in the case of existing customer advertising, is permitted. The registration process is recorded on
the basis of our legitimate interests in order to prove that it has been carried out in accordance with
the law.
The newsletters contain information about us, our services, promotions and offers.
The following data is processed for the purpose of direct marketing on the basis of consent (Art. 6
para. 1 sentence 1 lit. a GDPR) or legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR):
Inventory data (e.g. names, addresses), contact data (e.g. email, telephone numbers),
meta/communication data (e.g. device information, IP addresses).
The user can cancel the receipt of our newsletter at any time, i.e. revoke their consent or object to
further receipt. The user will find a link to unsubscribe from the newsletter either at the end of each
newsletter or he can use one of the contact options given above, preferably e-mail.
15. Amendment and updating of the privacy policy
We ask users to inform themselves regularly about the content of our privacy policy. We will adapt
the privacy policy as soon as changes to the data processing carried out by us make this necessary.
We will inform the user as soon as the changes require cooperation on their part (e.g. consent) or
other individual notification.
16. Rights of the user: right of objection, consent and revocation, information, correction,
deletion, transfer
As a data subject, the user is entitled to various rights under the GDPR, which arise in particular from
Art. 15 to 18 and 21 GDPR:
a. Right of objection
The user has the right to object, on grounds relating to his or her particular situation, at any time to
processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1)
GDPR, including profiling based on those provisions. Where personal data concerning the user is
processed direct marketing purposes, the user shall have the right to object at any time to processing
of personal data concerning him or her for such marketing, which includes profiling to the extent that
it is related to such direct marketing.
b. Right to withdraw consent
The user has the right to withdraw consent at any time. This can be done at the specified locations of
the app or the FANSHOP domain within the user profile or by e-mail or letter to our contact details
mentioned at the beginning.
c. Right to information
The user has the right to request confirmation as to whether the data in question is being processed
and to request information about this data as well as further information and a copy of the data in
accordance with the legal requirements.
d. Right to rectification
In accordance with legal requirements, the user has the right to request the completion of data
concerning him or her or the correction of incorrect data concerning him or her.
e. Right to erasure and restriction of processing
In accordance with the legal requirements, the user has the right to demand that data concerning
him or her be deleted immediately or, alternatively, to demand that the processing of the data be
restricted in accordance with the legal requirements.
f. Right to data portability
The user has the right to receive the data concerning him or her that he or she has provided to us in a
structured, commonly used and machine-readable format in accordance with the legal requirements
or to request its transmission to another controller.
g. Complaint to supervisory authority:
The user also has the right to lodge a complaint with a supervisory authority, in particular in the
Member State of his or her habitual residence, place of work or place of the alleged infringement if
the user considers that the processing of personal data relating to him or her infringes the GDPR.
Supervisory authority responsible for us:
The State Commissioner for Data Protection of Lower Saxony
Prinzenstraße 5
30159 Hanover
Phone 0511-120 4500
Fax 0511-120 4599
poststelle@lfd.niedersachsen.de
