The protection of your personal data is of particular concern to us at La La Love. Therefore, we comply with the legal requirements when we collect and process your personal data. Below you will find extensive information about the scope and purpose of collecting data.

Principle of anonymous data use

In principle, our website can be used without providing personal data. The use of individual services and offers [in short ‘La La Love Apps’]) on our website and in our apps can entail divergent regulations which in this case are explained separately below. The legal basis for data protection can be found in the General Data Protection Regulation (GDPR).

When you access our website or Apps, some information, such as IP address, is transferred. You are also providing information about the end device used (computer, smartphone, tablet etc.), the browser used (Internet Explorer, Safari, Firefox etc.), time of visit to the website, the so-called referrer and volume of data transferred.

We cannot use this data to identify an individual user. We only use this information to determine how attractive our offers are and to improve their performance or content, if necessary, and make their design even more appealing to you.

Please bear in mind, however, that in the case of a static IP address, personal identification is possible by RIPE query in individual cases, although we do not perform this. Nevertheless, this website is accessible for both static and dynamic IP addresses assigned.

Collection and processing of personal data

We only collect personal data if you provide it to us, for example when you contact us, in particular by registering a La La Love account, placing an order, requesting information or publishing personal data in our La La Love Apps in your profile or in the feed.

We use the personal data you provide only to the extent that your data is necessary for rendering or processing our services.

We store your data for as long as is necessary to achieve the intended purpose or until you delete your account or for as long as legal retention periods require data to be stored. Your data is subsequently deleted in accordance with legal requirements or processing is restricted.

In the case of use purely for information, i.e. if you do not register or send us information another way, we only collect personal data which your browser transfers to our servers. If you want to view our website, we collect the following data, which we require for technical purposes in order to show you our content and guarantee stability and security (legal basis is a legitimate interest pursuant to Article 6 (1) (f) GDPR).

In the context of the balance of interests in accordance with Article 6 (1) (f) GDPR, we have considered and weighed up our interest in website provision and your interest in data protection compliant processing of your personal data. As the data below is technically required for the provision of our service in order to offer you our website and also guarantee stability and security, in particular protection against misuse, we have reached the conclusion that, with a state-of-the-art oriented data security guarantee, this data can be processed whereby appropriate consideration will be given to your interest in data protection compliant processing.

DataPurpose of processingStorage period
Operating system usedEnsure evaluation by device and optimized display of the websiteIndefinite
Information about the browser type and version usedEvaluation of the browser used to optimize our websites for itIndefinite
IP addressPresentation of the website on the respective device
Investigation and prevention of fraud
Proof of user’s consent to receiving the newsletter
 
Date and time of visitPresentation of the website on the respective device
Investigation and prevention of fraud
Proof of user’s consent to receiving the newsletter
 
If applicable, manufacturer and model of the smartphone, tablet or other deviceEvaluation of device manufacturers and types of mobile end devices for statistical purposesIndefinite

The collection of data for website provision and the storage of data in log files is imperative for website operation. Consequently, users may not object to this.

Registering a La La Love Account

Using our login system, you can create a La La Love account for yourself that you can use to log in to all of our services. In the process, we use cookies – small files – on your browser in order to identify you. All data that you save to your account is stored at a La La Love GmbH database at Lothstrasse 5, 80335 Munich. Some of our services are only accessible if you have set up your La La Love account. We will request the following data when registering (some of it is required). In addition, you must take note of our Data Protection Statement, as well as accept our General Terms and Conditions of Business and Withdrawal Policy.

DataPurpose of processingLegal basis of processingStorage period
First nameDirect address & presentationPerforming the contractual relationshipUp to 30 days after deletion of the customer account
Last nameDirect address & presentationPerforming the contractual relationshipUp to 30 days after deletion of the customer account
Email addressCustomer account identificationPerforming the contractual relationshipUp to 30 days after deletion of the customer account
PasswordCustomer account identificationPerforming the contractual relationshipUp to 30 days after deletion of the customer account
IP address at loginData transfer at registration to web serverPerforming the contractual relationshipIndefinite
Gender*Suitable user experienceConsentUp to 30 days after deletion of the customer account
Coach personalization*Suitable user experienceConsentUp to 30 days after deletion of the customer account
Profile photo*Direct address & presentationConsentUp to 30 days after deletion of the customer account

* Optional information

Name of providerProvider typeData transfer to third party countryThird party countryGuarantees in acc. with Art. 44 ff GDPR
Amazon Web ServicesOrder processorNo--

Data collection, processing and use in the context of La La Love Service

Community Profile

You need a La La Love account in order to use our La La Love Apps. The data collected for this purpose has already been explained above. To provide you with the best La La Love experience possible, our approach is partly based on publishing specific information relating to our users within the La La Love community, i.e. even your information. We are going to introduce our program to you in more detail below so that you can decide for yourself whether and which data you want to publish. This introduction includes the following data in particular which is visible to other users:

  • public profile (photos, first name, profile attributes)
DataPurpose of processingStorage period
ProfilePresentation and interaction in the communityUp to 30 days after deletion of the customer account
Name of providerProvider typeData transfer to third party countryThird party countryGuarantees in acc. with Art. 44 ff GDPR
Amazon Web ServicesOrder processorNo--

Analysis of location data

Within the framework of our La La Love Apps it is improtant to meassure the distance between you and your match. For this purpose, we need access to location data. This data allows us to calculate distances covered at the relevant time and thereby correctly determine the end for predefined distances or determine distances covered.

DataPurpose of processingLegal basis of processingStorage period
Location dataDetermination of position
Location-based information
ConsentUp to 30 days after deletion of the customer account
Match cityInteraction in the communityConsentUp to 30 days after deletion of the customer account
Name of providerProvider typeData transfer to third party countryThird party countryGuarantees in acc. with Art. 44 ff GDPR
Amazon Web ServicesOrder processorNo--

Access rights

We require these access options and information to ensure the technical function of our app and to provide the services offered with the app, in particular to access your camera or your photos, to determine your running distances and your activity calories or to send you push notifications to inform you about new followers or comments. During the installation procedure or before you use the app for the first time, we request permission to access individual functions and information. We will only access these functions with your approval. You can revoke access rights manually in the settings for each operating system. You can find out how this works in the manufacturer instructions for your mobile OS. However, please note that you can only use the app to a limited extent or you cannot use it at all without the relevant approval.

Before you use the app for the first time, we will request the following permissions for the purpose described below:

PermissionPurpose
CameraTaking photos for profile/feed
Photo librarySelection of photos for profile/feed
Location trackingCalculation of running distance, statistical analysis
Delivery of push notificationsReceipt of push notifications
Mobile data/WLAN
(granted by the operating system)
Use of Internet and downloading of new content

* Optional information

Push notifications as part of the user experience

We require your consent if you wish to receive our push notifications on your mobile iOS device even if the app is not open. Our app only uses push notifications if you have given your explicit consent to these. You can disable push notifications in settings at any time. If you use an Android device, push notifications are permitted automatically unless you disable this in your settings.

Name of providerProvider typeData transfer to third party countryThird party countryGuarantees in acc. with Art. 44 ff GDPR
Amazon Web ServicesOrder processorNo--
Google FirebaseOrder processorYesUSAEU standard contractual clauses
EU/US Privacy Shield
Braze Inc.Order processorYesUSAEU standard contractual clauses
EU/US Privacy Shield
DataPurpose of processingLegal basis of processingStorage period
Device tokenSending to your deviceConsentUntil revocation of consent
User data that are also accessible in your public profileDirect approachConsentUntil revocation of consent

* Optional information

Push notifications for marketing purposes

We require your consent if you wish to receive our push notifications for marketing purposes on your mobile iOS device even if the app is not open. Our app only uses push notifications for marketing purposes if you have given your explicit consent to these. You can disable push notifications in settings at any time. If you use an Android device, push notifications are permitted automatically unless you disable this in your settings.

Name of providerProvider typeData transfer to third party countryThird party countryGuarantees in acc. with Art. 44 ff GDPR
Amazon Web ServicesOrder processorNo--
Google FirebaseOrder processorYesUSAEU standard contractual clauses
EU-US Privacy Shield
Braze Inc.Order processorYesUSAEU standard contractual clauses
EU-US Privacy Shield
DataPurpose of processingLegal basis of processingStorage period
Device token and other device informationTransfer to your deviceConsentUntil revocation of consent
User dataDirect approachConsentUntil revocation of consent
Campaign informationDirect approachConsentUntil revocation of consent

* Optional information

Newsletter

You can subscribe to our newsletter if you want to receive regular updates or information about topics and products that are referred to in the declaration of consent.

We need a valid email address for you for subscription purposes.

The provision of other separately highlighted data is voluntary and will be used in order to address you personally. This will only happen if you give separate consent.

To make doubly sure that you actually want to receive information from us, we use the double opt-in procedure. Once you have subscribed, you will receive a link by email which you can use to activate the newsletter service. In other words, we will send an email to the address given when you subscribed in which we ask for confirmation that you want to receive the newsletter. If you do not confirm your subscription, your data will not be saved in our email dispatch tool. In addition, we save your IP address and dates of newsletter subscription and confirmation. The purpose of this procedure is to verify your subscription and, where appropriate, shed light on any misuse of your personal data.

Naturally, you can unsubscribe from the newsletter at any time. The unsubscribe link can be found in the masthead of every email or in your profile settings.

Email addresses collected when registering for a La La Love account (via our app or our website) are used for direct marketing of our own and similar products and services (the La La Love Coach in particular). If you no longer wish to receive direct marketing, you can refuse to allow the use of your email address at any time. The unsubscribe link can be found in the masthead of every email or in your profile settings. Alternatively, you can send us an email to [support@lalalove.app]support@lalalove.app.

DataPurpose of processingLegal basis of processingStorage period
Email AddressContact for direct marketingPossibility of direct advertising according to the Act Against Unfair Competition (UWG)Until objection/cessation of the legal requirements

Cookies and tracking pixels

We use cookies to improve our web service and make your use as easy as possible. Cookies are small text files which are saved on your computer when you visit our website. They facilitate the repeated allocation of your browser. Cookies save information, such as your language settings, duration of the visit to our website or the entries you made there. This means that the required data does not need to be entered again each time the service is used. Moreover, cookies help us to recognize your preferences and adjust our website to your areas of interest.

Most browsers accept cookies automatically. If you want to prevent cookies from being saved, you can select the ‘Accept no cookies’ option in your browser settings. To find out exactly how this works, you can consult your browser manufacturer’s instructions. You can delete cookies that have already been saved on your computer at any time. Please bear in mind, however, that our website service can only be used to a limited extent without cookies.

Moreover, every time our website is loaded, we record how often it is visited and clicked on by using tags on our website, so-called tracking pixels, likewise without any interference and intervention for your computer.

Google Analytics

We use the Google Analytics service from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) to analyze our website visitors. Google uses cookies to track the use of the online product or service by users and the information is generally transferred to a Google server in the USA and stored there.

Google will use this information on our behalf to evaluate the use of our online products and services by users, to compile reports on the activities within these online products and services and to provide us with further services associated with the use of these online products and services and the use of the internet. Pseudonymous user profiles can be created from the processed data.

We use Google Analytics only with IP anonymization enabled. This means that Google will truncate the IP address of users within Member States of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent cookies from being stored by adjusting the settings to their browser software accordingly.

The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. Users can prevent the collection of data generated by cookies by downloading and installing the browser plug-in that is available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en. Google is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active)

If you do not wish to be tracked by Google Analytics in the future, you can opt out at any time by writing an email to support@lalalove.app.

Data in the context of trackingPurpose of processingLegal basis of processingStorage period
Device-related data such as device type model, operating system, browser type and versionImprovement of website for device groupsLegitimate interestuntil revocation
Usage-related information such as geographic location, language and pages visitedImprovement and performance tracking of websiteLegitimate interestuntil revocation

Firebase by google

We use the Firebase service from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) in order to derive application behavioral analytics. We use that information to see how users interact with our website and app.

Firebase is part of the Google Cloud Platform and offers numerous services for developers. A list can be found here: https://firebase.google.com/terms/. Some Firebase services process personal data. In most cases, the personal data is limited to so-called "instance IDs", which are provided with a time stamp. These "Instance IDs" assigned by Firebase are unique and thus allow the linking of different events or processes. This data does not represent personally identifiable information for us, nor do we make any efforts to personalize it subsequently. We process these aggregated data to analyze and optimize usage behavior, for example by evaluating crash reports.

Currently, we use the following Firebase services:

Google Analytics for Firebase: Google Analytics uses the data to provide analytics and attribution information. The precise information collected can vary by the device and environment. You can find more information via this link: https://support.google.com/firebase/answer/6318039. Google Analytics retains ID-associated data for 60 days, and retains aggregate reporting and campaign data without automatic expiration, unless the Firebase customer changes their retention preference in their Analytics settings or deletes their project.For Analytics for Firebase, Google uses not only the "Instance ID" described above, but also the advertising ID of the end device. You can restrict the use of the advertising ID in the device settings of your mobile device. For Android: Settings > Google > Ads > Reset Ad ID For iOS: Settings > Privacy > Advertising > No ad tracking

Firebase Remote Config: Remote Config uses Instance IDs to select configuration values to return to end-user devices. Firebase retains Instance IDs until the Firebase customer makes an API call to delete the ID. After the call, data is removed from live and backup systems within 180 days.

Firebase Dynamic Links: Dynamic Links uses device specs on iOS to open newly-installed apps to a specific page or context. Dynamic Links only stores device specs temporarily, to provide the service.

Firebase Cloud Messaging: Firebase Cloud Messaging is used to transmit push messages or so-called in-app messages (messages that are only displayed within the respective app). A pseudonymized push reference is assigned to the mobile device, which serves as a target for the push messages or in-app messages. The push messages can be deactivated and reactivated at any time in the settings of the mobile device. Firebase Cloud Messaging uses Instance IDs to determine which devices to deliver messages to. Firebase retains Instance IDs until the Firebase customer makes an API call to delete the ID. After the call, data is removed from live and backup systems within 180 days.

Firebase will use this information on our behalf for the above mentioned reasons.

The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. Google is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Quality assurance

When using our website and apps, data is collected and stored which is used to generate information using pseudonymous usage profiles for purposes of web analysis. These usage profiles serve to analyze visitor behavior and are evaluated to improve and design our services based on demand. In addition, we measure and analyze technical performance data (e.g. response and load times) and application data (hardware and software used) in order to improve the performance of our products. Cookies are used to do so. These are text files saved on your computer that allow us to analyze how you use our website. The pseudonymous usage profiles are not associated with personal data on the bearer of the pseudonym without the concerned party's express consent. You can object to future data collection and storage for the purpose of web analysis at any time by deactivating cookies in your browser settings. You can find the individual privacy notices for the providers here:

Name of providerProvider typeData transfer to third party countryThird party countryGuarantees in acc. with Art. 44 ff GDPRStorage period
Sentry.io
132 Hawthorne St
San Francisco, CA 94107
USA
Order processorYesUSAEU Standard Contractual Clauses EU-US Privacy Shield6 weeks
Affected data categoryPurpose of processingLegal basis of processing
IP address (only for troubleshooting)(not applicable for Logentries)Improvement of website design and qualityLegitimate interest
La La Love user IDImprovement of website design and qualityLegitimate interest
Device-related data such as device type, model, operating system, browser type and versionImprovement of website design and qualityLegitimate interest
Usage-related information such as geographic location, language, pages visitedImprovement of website design and qualityLegitimate interest
Installation UUIDImprovement of website design and qualityLegitimate interest
Crash trace (not applicable for Logentries)Improvement of website design and qualityLegitimate interest

Applications and applicant portal from Lever

You can apply to our company using electronic means.

Obviously, we will use your information only to process your application and not pass it on to third parties.

Please note that e-mails sent without encryption are not access-protected. Unfortunately, we do not currently offer encryption for e-mail applications. However, encrypted transfer of your application is possible via our applicant portal.

You can apply to our company online via our applicant portal. Your online application will be sent directly to the HR department via an encrypted connection and obviously treated confidentially.

Your personal data will be deleted at the end of the application process, either immediately or after no more than six months, unless you have given us your explicit consent for longer storage of your data.

Transfer of data to third parties

We only pass your personal data on to third parties if:

  • you have given your explicit consent to this,
  • forwarding data is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume you have an overriding legitimate interest in your data not being passed on,
  • in the event that we have a legal obligation to forward data, and
  • this is legally permissible and required for the performance of the contractual relationship with you.

In the case of data transfer outside the European Union, the high European level of data protection essentially does not exist. It may be the case with a transfer that an EU Commission adequacy decision in accordance with Article 45 (1) (3) GDPR is not currently in place. This means the EU Commission has not yet decided that the level of data protection in the respective country corresponds to the level of protection in the European Union based on the GDPR. Consequently, we have put the appropriate guarantees referred to above in place. Potential risks, which cannot be ruled out completely in connection with data transfer, are in particular:

  • your personal data could be processed over and above the intended purpose.
  • Moreover, there is a possibility that you may not be able to exercise your rights in relation to data protection, for example your right of access, to rectification, erasure or data portability, on a consistent basis and enforce these.
  • It may also be highly likely that data is processed incorrectly and in quantitative and qualitative terms, the protection of personal data fails to meet the requirements of the GDPR in full.

Your rights

Information on the rights of data subjects

Each data subject has the right of access in accordance with Article 15 GDPR, the right to rectification in accordance with Article 16 GDPR, the right to erasure in accordance with Article 17 GDPR, the right to restriction of processing in accordance with Article 18 GDPR, the right to object in Article 21 GDPR and the right to data portability in Article 20 GDPR. The limitations according to Articles 34 and 35 BDSG apply to the right of access and to the right to erasure.

Information on the option to lodge a complaint

You also have the right to lodge a complaint with the competent data protection authority about our processing of your personal data.

You can withdraw your consent with us to process personal data at any time. This also applies to withdrawals of a declaration of consent that were given to us before the General Data Protection Regulation came into effect, i.e. before May 25, 2018. Please note that this withdrawal will only apply prospectively. This does not affect processing that took place prior to a withdrawal.

Right in the event that data is processed for direct marketing purposes

You have the right pursuant to Article 21 (2) GDPR to object to the processing of personal data concerning you. In the event that you object to processing for direct marketing purposes, we will no longer process your personal data for this purpose. Please note that this withdrawal will only apply prospectively. This does not affect processing that took place prior to a withdrawal.

Information on right to object in the case of balance of interests

If we process your personal data based on a balance of interests, you can object to such processing. If you exercise this right to object, please state the reasons why we should not process your data as we have described. If your objection is justified, we will review the situation and either stop or adjust data processing or explain our compelling legitimate reasons for processing to you.

Links to other websites

Our website may contain links to the websites of other providers. Please note that this Data Privacy Statement applies only to the website of byFate. We have no influence on or control over the compliance of other providers with applicable data protection regulations.

Amendments to the Data Privacy Statement

We reserve the right to amend or adjust this Data Privacy Statement at any time subject to compliance with applicable data protection regulations.

Controller and data protection officer

Alternatively, you may contact our external data protection officers at any time if you have any questions regarding the collection, processing or use of your personal data or in the case of access, rectification, blocking or erasure:

Personal/Confidential

Data controllerController's data protection officer
byFate GmbH
Lothstraße 5
80335 Munich
Germany
E-Mail: support@lalalove.app
represented by Managing Director Andrej Matijczak
byFate GmbH
Data Protection Officer
Luisenstraße 66
80798 Munich
Germany
E-Mail: support@lalalove.app