QrushBETA

Privacy Policy

1. Responsible Entity

Qrush GmbH
Zum Sportplatz 5
01723 Kesselsdorf
Phone: +49 152 24871373
Email: contact[at]qrushapp.de

2. General Information on Data Processing

We process your personal data only to the extent necessary to provide a functional app, website, and our content and services.

Legal basis for processing:

  • Art. 6 Abs. 1 lit. a) DSGVO – Consent
  • Art. 6 Abs. 1 lit. b) DSGVO – Contract performance
  • Art. 6 Abs. 1 lit. c) DSGVO – Legal obligation
  • Art. 6 Abs. 1 lit. f) DSGVO – Legitimate interest

3. Your Rights as a Data Subject

You have the right:

  • to information (Art. 15 DSGVO, §34 BDSG)
  • to rectification (Art. 16 DSGVO)
  • to erasure (Art. 17 DSGVO, §35 BDSG)
  • to restriction of processing (Art. 18 DSGVO)
  • to object to processing (Art. 21 DSGVO)
  • to data portability (Art. 20 DSGVO)
  • to withdraw given consent (Art. 7 Abs. 3 DSGVO)
  • not to be subject to automated decision-making (Art. 22 DSGVO)
  • to lodge a complaint with a supervisory authority (Art. 77 DSGVO)

To exercise your rights, an informal notification to contact@qrushapp.de is sufficient.

4. Procedure for Exercising Data Subject Rights

To process your request, we process your information. This will be stored as proof of your request until the expiration of the limitation period (3 years). The legal basis is Art. 6 Abs. 1 lit. f) DSGVO.

5. Data Transfer to Third Countries

Data transfer outside the EU only occurs if there is an adequacy decision, appropriate safeguards, or your explicit consent according to Art. 44 ff. DSGVO.

6. Contract Processing

We use external service providers (e.g., hosting, analytics, shipping services). They are contractually obligated according to Art. 28 DSGVO to comply with data protection requirements.

7. Data Processing on Our Website

Email Contact

Contacting us via provided email addresses leads to the storage and processing of your information. The legal basis is Art. 6 Abs. 1 lit. b), f) or a) DSGVO.

Analytics Tools and Cookies

Our website uses cookies and analytics tools for optimization. The legal basis for essential cookies is Art. 6 Abs. 1 lit. f) DSGVO, for optional cookies Art. 6 Abs. 1 lit. a) DSGVO.

Cookies Used

  • Session Cookies: Session-related identification, deleted when closing the browser
  • Cookie Consent Cookies: Your consent settings

Server Log Files

Information such as IP address, browser type, referrer, time, etc. is automatically collected and stored for a short time. The legal basis is Art. 6 Abs. 1 lit. f) DSGVO.

8. Data Processing in Our App

A user profile is required to use our app. The following data is processed:

  • Phone number
  • Name (mandatory: real first name)
  • Date of birth
  • Gender & preference
  • Location (optional, with consent)
  • Profile pictures
  • Participation in events & Qrush rounds
  • Matching, chats, QR code function

Legal Basis

  • Contract performance (Art. 6 Abs. 1 lit. b) DSGVO)
  • Consent for location and certain functions (Art. 6 Abs. 1 lit. a) DSGVO)

Chats & Reports

Chats can be technically viewed by us as the app operator. However, we have committed in our terms and conditions to only do so when users report possible violations of our terms and conditions and community guidelines, and then analyze the chats for review purposes. In case of criminally relevant behavior, we reserve the right to forward the data to the competent law enforcement authorities. Legal basis: Art. 6 Abs. 1 lit. b), c) and f) GDPR. Our legitimate interest lies in protecting our users from abusive actions by other users.

Deletion

After deleting your account, data will be completely removed after 3 months.

Payment Processing & Qrush Plus

For payment processing within Qrush Plus, we use the payment service providers Apple and Google via the RevenueCat platform. Personal data such as name and billing address may be processed. Further processing of payment data is carried out by these third parties. The legal basis for this is Art. 6 Abs. 1 lit. b) GDPR (contract performance). We have concluded a data processing agreement with the provider in accordance with Art. 28 GDPR. Billing-relevant data is stored in accordance with the law for up to 10 years.

App Permissions

Our app requests the following permissions depending on usage: access to camera, location data, photo library, and push notifications. These permissions are based on user consent (Art. 6 Abs. 1 lit. a) DSGVO) and are required for certain functions. Refusal may limit functionality. Users can revoke their consent at any time in device settings.

Analytics and Tracking Services

To optimize our services and for error analysis, we use the analytics tools PostHog and Firebase. Usage data is processed. The legal basis for this is user consent or, where justified, our legitimate interest (Art. 6 Abs. 1 lit. a) or f) DSGVO). Data transfers to these service providers, especially Firebase based in the USA, are carried out based on appropriate protective measures such as standard contractual clauses.

Promotional Communication

We currently do not send paid advertising via push messages or email. However, we obtain consent at the beginning for the use of push notifications. This can be revoked at any time.

Storage Periods

Personal data is retained according to respective legal requirements and storage periods:

  • Profile data and usage data including chat histories: up to 3 months after deletion of user account
  • Payment and billing data: up to 10 years
  • Support and communication data: up to 3 years

Data Transfer to Third Countries

We transfer data to service providers within and outside the EU. The database is hosted with Firebase in the USA. The protection of data in transfers to third countries is ensured by appropriate security measures such as standard contractual clauses according to Art. 46 DSGVO.

9. Data Processing for Advertising Purposes

Social Media Presence

We operate pages on Instagram, TikTok, YouTube, LinkedIn, and X (formerly Twitter). Data may be processed by the platforms outside the EU.

Legal Basis:

  • Legitimate interest (Art. 6 Abs. 1 lit. f) DSGVO)
  • possibly consent (Art. 6 Abs. 1 lit. a) DSGVO)

Note: Platform providers often have direct access to your data. For information or deletion requests, it is most effective to contact them directly.

10. Changes to This Privacy Policy

We reserve the right to adapt this privacy policy to adjust it to legal changes or changes in data processing. You can always find the current version on our website.