Tschillie’s Privacy Policy

To our users,

If you're perusing this document, you likely share the widespread concern regarding the safeguarding of personal data. We aim to assist you by elucidating how your personal data is handled upon registration for our services or upon accessing our website. Personal data encompasses any information that can be linked to your identity.

Given the intricacies of data protection legislation, we offer a concise overview of pertinent matters:

Data Controller

In any instance of personal data processing, there exists a designated entity responsible for such processing (referred to as the data controller). This entity serves as your primary contact for matters pertaining to data protection and ensures compliance with the standards outlined in European legislation. In the context of Tschillie services, we, Maroon Innovations LTD., assume the role of data controller. You may contact us via:

Maroon Innovations LTD.

2 Bibi Family Court

Triq it-Tempju

Qala, QLA1063

Malta

Email: privacy@marooninnovations.com

Further company details can be accessed through our imprint available at Maroon Innovations LTD.

Overview of Data Processing Procedures

Legal basis for the Processing of Data

Under the law, processing of personal data is primarily prohibited unless it falls under specific justifications:

• Art. 6 para. 1 sentence 1 lit. a GDPR ("Consent"): Processing is permissible if the data subject has provided voluntary, informed, and unambiguous consent for specific purposes.

• Art. 6 para. 1 p. 1 lit. b of the GDPR: Processing is allowed if necessary for fulfilling a contract with the data subject or for undertaking pre-contractual measures at the data subject's request.

• Art. 6 para. 1 p. 1 lit. c of the GDPR: Processing is permissible if necessary to comply with a legal obligation imposed on the controller (e.g., record-keeping obligations).

• Art. 6 para. 1 p. 1 lit. d of the GDPR: Processing is allowed if necessary to protect the vital interests of the data subject or another natural person.

• Art. 6 para. 1 p. 1 lit. e GDPR: Processing is permissible if necessary for tasks carried out in the public interest or exercising official authority vested in the controller.

• Art. 6 (1) p. 1 lit. f GDPR ("Legitimate Interests"): Processing is allowed to safeguard legitimate interests (especially legal or economic) of the controller or a third party unless overridden by the data subject's interests or rights (especially if the data subject is a minor).

For our processing operations, we specify the applicable legal basis in each case. A processing operation may rely on multiple legal bases.

Storage Duration Policy and Data Deletion

We outline below the duration of data storage and the criteria for deletion or blocking. If no explicit storage period is specified, personal data will be deleted or blocked once the purpose or legal basis for storage ceases.

However, data may be retained beyond specified periods in the event of (threatened) legal disputes or other legal proceedings, or if required by applicable legal regulations. Upon expiration of statutory storage periods, personal data will be blocked or deleted unless further storage is necessary and justified by legal basis.

Please find more information in the section ‘Additional Information on Data Retention and Deletion’.

Data Security Measures

At Tschillie, we prioritise the implementation of appropriate security measures to safeguard your information against loss, misuse, unauthorised access, or disclosure. We employ reasonable security protocols, including secured servers with firewalls, to maintain the confidentiality of your personal data.

However, it's important to note that no website or Internet transmission can guarantee complete security. While we strive to uphold stringent security standards, we cannot guarantee immunity against unauthorised access, hacking, data loss, or other breaches.

To help enhance the security of your data, we recommend the following measures:

• Always log out of your account after each use to prevent unauthorised access.

• Refrain from sharing your Tschillie account password with anyone - else.

• Consider periodically changing your password for added security.

Futhermore, we employ suitable technical and organisational measures to safeguard data against accidental or deliberate manipulation, partial or complete loss, destruction, or unauthorised access by third parties (e.g., TLS encryption for our website). These measures consider the latest technological advancements, implementation costs, nature, scope, context, and purpose of processing, as well as existing risks of data breaches.

For security purposes and to protect the transmission of confidential content, such as inquiries sent to us as site operators, this site utilises SSL encryption. An encrypted connection is identifiable by the change in the browser address line from "http://" to "https://" and the lock symbol in the address line. With SSL encryption activated, transmitted data is unreadable to third parties.

If you suspect that someone has gained access to your password or account, please follow the outlined steps provided here. Please be aware that the security of your personal data during transmission to our site is not guaranteed, and any transmission is undertaken at your own risk.

Cooperation with Processors

Similar to larger companies, we engage external domestic and international service providers (e.g., IT, logistics, telecommunications, sales, and marketing) to process business transactions. They act solely on our instructions and are contractually obligated to comply with data protection regulations under Art. 28 GDPR.

Profiling Practices and automated Decision-Making

Tschillie is dedicated to fostering kind and equitable relationships. To achieve this, we've developed advanced matching algorithms aimed at predicting compatibility between users. These algorithms analyse various factors, including user profiles and interactions within the app, such as swiping patterns and mutual matches.

We utilise this data to recommend profiles that are deemed highly compatible with each user, enhancing the likelihood of meaningful connections. Our matching algorithms leverage machine learning techniques to continually refine and optimise profile rankings, maximising the chances of finding suitable matches.

The data used for predicting compatibility and generating profile recommendations include:

1. User Profile Information: Details provided by users in their profiles, such as age, distance, and gender, enable us to suggest individuals who are likely to be compatible and reciprocate interest.

2. App Interaction Data: Information about user activity within the app helps identify individuals who are actively seeking new connections and are available to engage.

3. Device Coordinates: Utilised to determine proximity to other members, facilitating connections with individuals in close geographic proximity.

The legal basis for processing profile and proximity information is rooted in the necessity to fulfill our contractual obligations to users under Article 6(1)(b) of the GDPR. Additionally, processing information concerning app activity is justified by our legitimate interests as outlined in Article 6(1)(f) of the GDPR. Specifically, our interest lies in providing more personalised and relevant recommendations to enhance the user experience within our app.

In cases where users include sensitive information in their profiles, such as beliefs, processing of this data is contingent upon voluntary and explicit consent.

Personal Data Disclosure Policy

Overview of Data Disclosure

We do not disclose your personal data to third parties except as described in this privacy policy. Your personal data is only shared with third parties under the following circumstances:

• You have expressly consented in accordance with Art. 6 para. 1 p. 1 lit. a GDPR.

• The transfer is necessary for processing contractual relationships in accordance with Art. 6 para. 1 p. 1 lit. b GDPR.

• We are subject to a special legal or statutory obligation to provide the processed personal data to third parties, especially public bodies, in accordance with Art. 6 (1) p. 1 lit. c GDPR.

• Disclosure is necessary for the assertion, exercise, or defense of legal claims pursuant to Art. 6 (1) sentence 1 lit. f GDPR, and there is no overriding interest worthy of protection in non-disclosure of your data.

Types of Recipients

Presently, the following categories of recipients receive personal data from us:

• State authorities and courts.

• Technical service providers.

• Hosting service provider.

• Email dispatch service provider.

• Email marketing service provider.

• Services for customer support provision.

• Advertising and distribution partners.

• Cooperation partners.

• Other platform providers regarding social plugins.

• Analysis and tracking services.

• Affiliated companies.

Data Transfer to Third Countries

In adherence to legal requirements, data transfer to third countries may occur. Such transfers are limited to countries with confirmed adequate protection levels by the EU Commission, or where EU standard contractual clauses or other security guarantees permit. Otherwise, data transfer only occurs with your consent.

Understanding Your Rights

In the processing of your personal data, data protection law grants you various rights. These include:

• Requesting information about your processed personal data in accordance with Art. 15 GDPR.

• Requesting correction of incorrect or incomplete personal data stored by us in accordance with Art. 16 GDPR.

• Requesting deletion of your stored personal data in accordance with Art. 17 GDPR.

• Requesting restriction of processing of your personal data in accordance with Art. 18 GDPR.

• Receiving personal data you provided to us in a structured, commonly used, and machine-readable format or requesting a transfer to another controller in accordance with Art. 20 GDPR.

• Revoking your consent at any time with effect for the future per Art. 7 (3) GDPR.

• Lodging a complaint with a supervisory authority in accordance with Art. 77 GDPR.

If your personal data is processed based on legitimate interests pursuant to Art. 6 (1) p. 1 lit. f GDPR, you have the right to object to processing pursuant to Art. 21 GDPR unless grounds for objection arise from your particular situation or the objection is against direct advertising.

To exercise your right of revocation or objection, simply email privacy@tschillie.com.

Data Processing During Website Visits

Overview of Data Processing During Website Visits

Logfiles

Upon visiting our website Click here and its associated subpages, your browser automatically transmits information to our website server. This data is temporarily stored in a log file without your intervention and remains until automatic deletion. The following information is collected:

• Browser type and version

• Operating system

• Referrer URL

• Host name of accessing computer

• Date and time of server request

• IP address

We process this data for the following purposes:

• Ensuring a smooth website connection.

• Facilitating comfortable website usage.

• Evaluating system security and stability, as well as other administrative purposes.

The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f GDPR, based on our legitimate interest outlined above. Your data will only be processed for the duration necessary to achieve the specified purposes. The legal bases stated within the context of processing purposes apply accordingly.

Data Processing During Registration

To access many functions within our app, registration as a user is required. You have the option to register via email submission, Facebook Connect, Google, or Apple.

Email Registration

Registration can be completed directly on our app by providing your username, country, postcode, birthday, gender, gender search preference, and email address in the registration form. By submitting this information, you consent to the processing of the data entered during registration (Art. 6 para. 1 p. 1 lit. a GDPR).

We will utilise the email address provided during registration to inform you of important changes, such as alterations to our services or technically necessary updates.

Data Sharing through Facebook, Google and Apple Sign-In

Alternatively, registration can be accomplished through Facebook Connect, facilitated by Meta Platforms Ireland Limited, located at 4 Grand Canal Square, Dublin 2, Ireland.

When opting for Facebook Connect, you will be redirected to the Facebook website to log in using your credentials. This process links your Facebook profile with our service, streamlining the registration process by importing relevant information from your Facebook account. Please note that by establishing this connection, we gain access to select information stored on your Facebook account, including but not limited to your name, date of birth, email address (if consented), and profile picture.

We solely utilise your name, date of birth, and, if consented, your email address and profile picture from this data. The processing of this information is contingent upon your consent (Art. 6 para. 1 p. 1 lit. a GDPR).

For further details, please refer to the Facebook Terms of Use Click here and the Facebook Privacy Policy Click here.

Should you choose to register or sign in with your Apple ID or Google account, you provide Google or Apple with consent to share your Apple/Google login credentials, a name (editable by you), and an email address (optional to conceal, wherein Apple/Google generates a random email address to protect your personal email privacy). This email address will be linked to your Tschillie account and utilised for account retrieval purposes.

Subsequently, we utilise this personal data to establish your Tschillie account. If you remove the Tschillie app from your Facebook settings or Google/Apple ID, our access to this data ceases. However, we retain the personal data obtained during the initial setup of your Tschillie account via Facebook, Apple or Google ID (complete deletion of your Tschillie account is required to revoke our access to this data).

Your User Profile

Within your user profile, you have the option to store the following data:

• Gender
• Sexual orientation
• Age
• Country and region
• Status
• Hobbies, interests, and relationship status.
• A profile text for self-description.
• Profile photos

We process this data to facilitate connections with other users and identify common interests. The legal basis for this processing is Art. 6 para. 1 p. 1 lit. a GDPR. If you provide information regarding your sexual orientation, we process this data solely with your explicit consent in accordance with Art. 9 para. 2 lit. a GDPR, and only if your profile is set to public visibility in line with Art. 9 para. 2 lit. e GDPR.

You have the ability to control the visibility of these data points to other users of our services and authorise their sharing by us.

Chats with Other Users

Our platform offers a chat function for easy communication with other Tschillie users. Content exchanged in these chats is shared with the respective users involved. We do not access the content of your chats unless required by law.

Location Data

As a registered user, you have access to location-based services through our Connect function. Within this feature, we provide users and contact options tailored to your specified region, or geolocation. Additionally, location data may be used for advertising purposes.

Your location data is processed only with your explicit consent in accordance with Art. 6 para. 1 p. 1 lit. a GDPR. You can grant or revoke this consent through the settings of your device at any time.

Further information can be viewed in the ‘Geolocation information’ section.

Account

If your account is deleted by either yourself or us without any associated payable contracts, your data will be removed from our systems eight (8) weeks after your last log-in. This retention period is implemented to prevent repeated deletion and re-creation of accounts for accessing free services. Such measures serve our legitimate interest as per Art. 6 para. 1 p. 1 lit. f GDPR.

In instances where there is no activity on an account for at least 180 days and no payable contract is in place, we reserve the right to delete the account. This action is taken to maintain system efficiency and ensure the community remains free of inactive users (Art. 6 para. 1 p. 1 lit. f GDPR). Prior to deletion, we will notify you via email, allowing you the opportunity to prevent deletion by logging in.

If you have entered into a payable contract with us, the data collected during registration will be retained until the termination of your registration, followed by deletion under statutory retention periods.

Upon account deletion, chat contents are blocked from view by respective chat partners. The chats themselves are initially retained in our backend and permanently deleted from our servers eight (8) weeks post-account deletion. This retention period is necessary for tracing purposes in the event of complaints, representing a legitimate interest under Art. 6 para. 1 p. 1 lit. f GDPR.

Data Processing for Paid Services

Upon subscribing to a paid service or making a purchase from us, either we or our payment service provider gather financial and payment details, such as credit or debit card numbers. This data processing serves the purpose of establishing, managing, or amending our legal relationship with you. The legal grounds for this processing are stipulated under Art. 6 para. 1 p. 1 lit. b GDPR. We collect and handle personal data concerning the usage of our website (usage data) solely to facilitate your use of our service or for billing purposes.

Such data is shared with third parties only when essential for contract processing, such as with the credit institution tasked with payment processing. Customer data collected will be deleted upon order completion or termination of the business relationship, with retention extending until the expiration of statutory retention periods.

Contact Us

Should you wish to get in touch with us, our contact form is available for use. It's important to note that all data entered into this form is retained by us for the purpose of addressing your inquiry.

Email: privacy@tschillie.com

Data provided via the contact form is processed exclusively based on your consent (Art. 6 para. 1 p. 1 lit. a GDPR). You reserve the right to revoke this consent at any time, which can be done by sending us an informal email. The legality of data processing operations conducted prior to the revocation remains unaffected.

Information submitted through the contact form will be retained by us until you request its deletion, withdraw your consent for storage, or the purpose for storing the data ceases to apply (e.g., upon completion of your inquiry). However, longer retention periods may apply as mandated by law.

Data Processing in the Tschillie App

General Information Overview

Upon registering and using the Tschillie app, we process data akin to when you visit our website. Please refer to the "Data Processing during Registration" and "Data Processing when Using Tschillie with a User Account" sections of this privacy policy for relevant details. Specific aspects of app usage are outlined herein.

Data Processing During Download and Installation

Upon downloading the Tschillie app, the app store operator may autonomously process personal data. This may include your email address, customer number, device information, and timestamps. To access the app's full functionality and services, we process data such as location, contact details, user-generated content, and identifiers like user and device IDs. Depending on your operating system and app version, permissions for data access are requested pre or post-installation.

Geolocation Information

If you have granted Tschillie access to your device's location settings, while using your mobile device, we will gather data regarding WiFi access points and other location specifics such as longitude and latitude. Additionally, we may store your device's coordinates to offer specific features to you. This information assists us in determining your physical location, enhancing the personalisation of the App, and facilitating interactions with other Users. It enables the display of general locality information to Users viewing your profile and presents you with profiles of other Users nearby.

• If you have permitted Tschillie access to your location but wish to disable this feature, you can do so through the following methods:

• For iPhone app users: Navigate to settings, then privacy, followed by location services, and select Tschillie.

• For Android users: Access settings, choose location, find Tschillie, select permissions, then location.

In-App Purchases

In-app purchases involve data transmission to respective payment service providers. For further details, refer to the "Data Processing for Paid Services" section of this privacy policy.

Photo and Device Information

When you utilise the app, we may gather details about your device, including its unique identifier, model, and operating system, for various purposes outlined in this policy. Additionally, if you grant us permission, the app may access your device's address book solely for the purpose of adding contacts.

Furthermore, we gather data concerning your photos, such as user interaction metrics and lighting quality. This information is utilised to optimise the arrangement of your profile photos in a manner beneficial to you. You have the option to deactivate this feature via our app settings.

Links

We may monitor your interaction with links provided on Tschillie, including those leading to third-party services, by redirecting clicks or employing other methods. Aggregate click statistics, such as the number of times a specific link was clicked, may be shared.

Your Information and How We Use It

Our primary objective is to ensure your experience on Tschillie remains enjoyable and free from unwanted surprises. To achieve this, we may utilise your Registration and other information to:

• Provide you with our services and features.

• Keep you informed about updates and new features of the app.

• Personalise the app/Sites and the content we deliver to you.

• Perform research and analytics to understand how you use and interact with the app/sites.

• Test new technologies and processes aimed at enhancing and improving the app/sites.

• Resolve disputes, troubleshoot problems, and enforce our Terms & Conditions.

• Investigate fraud, protect our legal rights, and enforce our Terms & Conditions.

• Send you information about promotions and offers available, such as specific types of goods/services/offers, through direct marketing or other communication methods, if you have opted in for our communications or indicated your consent. We will refrain from using your information for email direct marketing unless you provide consent during the account creation process or via Settings in the app. You can withdraw from marketing at any time via Settings in the app or by utilising the opt-out mechanisms and links provided in each message.

• Safeguard our Users and third parties from harm.

Our Policy Regarding Age Requirements

While we strive to make our platform accessible to a wide audience, users must be at least 18 years old to use Tschillie.

Tschillie does not intentionally gather information from or target children, minors, or individuals under 18 years of age. Should we become aware that a child, minor, or individual under 18 has registered with us and provided personal information, we will take appropriate measures to terminate their registration.

Tschillie’s Social Media Channels

Our website links to social media accounts on Facebook and Instagram. Clicking these links redirects users to respective provider pages, potentially associating user information with Tschillie usage if logged in. Consent under Art. 6 para. 1 p. 1 lit. a GDPR serves as the legal basis for this data linkage.

Meta Platforms (Facebook/Instagram)

Refer to Meta Platforms Ireland Limited's Privacy Policy at Facebook, click here respectively Instagram, click here.

Additional Information on Data Retention and Deletion

We retain your personal information only for as long as necessary, based on the legal basis outlined in the "Storage Duration Policy and Data Deletion" section.

Upon deletion of your account, we ensure it is no longer visible within the app. For a period of up to 28 days, account restoration is possible in the event of accidental deletion. After this period, we initiate the deletion process for your personal information from our systems, unless:

• Legal requirements mandate retention (e.g., for tax and accounting purposes if purchases were made within the app).

• Retention is necessary to demonstrate compliance with applicable law (e.g., retaining account information and behaviour records related to blocks for evidentiary purposes in case of queries or legal claims).

• An unresolved issue, claim, or dispute necessitates the retention of relevant information until resolution.

• The information must be retained for legitimate business interests, such as fraud prevention and enhancing Users’ safety and security (e.g., retaining information to prevent banned users from opening new accounts due to unsafe behaviour or security incidents).

Please note: Even after removal of information from your profile or deletion of your account, copies of such information may remain viewable or accessible if previously shared or stored by others. We cannot control this, and therefore, we do not assume liability. If you have granted access to your personal information to third-party applications or websites, they may retain such information as permitted under their terms of service or privacy policies.

Updating and Amending this Privacy Policy

As our website and offerings continue to evolve or due to changes in legal or regulatory requirements, modifications to this privacy policy may be necessary. You can always access the current privacy policy on our website at Tschillie Privacy Policy.

This Privacy Policies have been updated on the 29th May 2025.