Privacy Policy

Introduction
With the following data protection declaration, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") that we process, for what purposes, and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both as part of the provision of our services and, in particular, on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer"). The terms used are not gender-specific.

Status: February 18, 2024

Responsible persons
Tenacity Labs UG (Haftungsbeschränkt)
Invalidenstraße 5, 10115 Berlin

Contact:
pengunout@gmail.com

Processing overview
The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed
- Contact details
- Content data
- Usage data
- Meta/communication data

Categories of affected persons
- Communication partner
- Users

Processing purposes
-
Contact requests and communication
- Security measures
- Managing and responding to requests
- Feedback
- Provision of our online services and user experience
- Information technology infrastructure

Relevant legal bases
The following is an overview of the legal basis of the GDPR based on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Furthermore, should more specific legal bases be relevant in individual cases, we will inform you of these in the data protection declaration.
- Contractual performance and pre-contractual requests (Art. 6 (1) p. 1 lit. b) DSGVO) - Processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the data subject's request.
- Registered interests (Art. 6 (1) p. 1 lit. f) DSGVO) - Processing is necessary for the legitimate interests of the controller or a third party unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.

In addition to the data protection regulations of the General Data Protection Regulation, national regulations on data protection apply in Germany. These include, in particular, the Act on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act - BDSG). In particular, the BDSG contains special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission, as well as automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for employment purposes (Section 26 BDSG), in particular concerning the establishment, implementation, or termination of employment relationships as well as the consent of employees. Furthermore, state data protection laws of the individual federal states may apply.

Security measures
We take appropriate technical and organizational measures by the legal requirements, taking into account the state of the art, the implementation costs, and the nature, scope, circumstances, and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk. The measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access to, the input of, disclosure of, assurance of availability of, and segregation of the data. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, the deletion of data, and responses to data compromise. Furthermore, we already take the protection of personal data into account during the development or selection of hardware, and software as well as procedures following the principle of data protection, through technology design and data protection-friendly default settings. TLS encryption (https): To protect your data transmitted via our online offer, we use TLS encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.

Transmission of personal data
In the course of our processing of personal data, it may happen that the data is transferred to or disclosed to other bodies, companies, legally independent organizational units, or persons. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.

Data processing in third countries
If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, entities or companies, this is only done following the legal requirements. Subject to express consent or contractually or legally required transfer, we only process or allow the processing of data in third countries with a recognized level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 DSGVO, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

Compliance with the Children’s Online Privacy Protection Act (COPPA)
Our Company is committed to protecting the privacy of children who use our services. In compliance with the Children’s Online Privacy Protection Act (COPPA), we do not knowingly collect, use, or disclose personal information from children under the age of 13 without obtaining prior verifiable consent from their parents or guardians. We have implemented an age-verification mechanism to identify users under 13 and ensure appropriate consent is obtained before collecting any personal information. If you are a parent or guardian and believe that your child under 13 has provided us with personal information without your consent, please contact us immediately. We will take steps to promptly remove such information from our records and cease any further collection or use of your child's information. Our full privacy practices regarding children, including how we collect, use, and disclose their personal information, how parents can review and request deletion of their child’s information, and our contact information for privacy inquiries, are detailed in this Privacy Policy.

To ensure compliance with data protection regulations while implementing rewarded ads and ad monetization strategies, including through platforms such as AppLovin, we adopt a privacy-first approach that meets the requirements of GDPR, COPPA, and CCPA. Prior to delivering rewarded ads, we seek explicit consent from users where necessary, especially when dealing with minors, ensuring compliance with age-verification laws such as COPPA (for users under 13 in the U.S.) and GDPR (for users under 16 in the EU or lower where local laws permit). We minimize the collection of personal data, limiting it to what is essential for ad delivery, frequency capping, and performance tracking. Any data collected is either anonymized or processed in accordance with the strict security measures we have in place.Furthermore, we implement mechanisms that allow users to opt out of personalized ads, offering them full transparency about the types of data being collected and for what purposes. We ensure that no personal data is sold to third parties, and any sharing of data with advertising partners, such as AppLovin, is safeguarded by robust contractual agreements, including standard data protection clauses that comply with applicable international data transfer regulations.Additionally, for monetization purposes, we adhere to best practices in the industry, ensuring that all ad units are displayed in a way that does not compromise the user experience or infringe on user rights. We provide clear user interfaces that explain the exchange of rewards for ad views, thereby promoting informed user participation. In compliance with CCPA, California residents are afforded the right to access, delete, or request information about the data we collect for ad personalization purposes. We also ensure that there is no discrimination in services based on a user's decision to exercise their privacy rights, including their choice to opt-out of data tracking or personalized ads.By incorporating these standards and implementing clear, user-friendly controls for managing consent and privacy preferences, we ensure that our rewarded ad systems not only comply with legal obligations but also foster user trust and transparency in our ad monetization strategies.4o

Compliance with the General Data Protection Regulation (GDPR) for Children’s Data
In accordance with the General Data Protection Regulation (GDPR), our Company is dedicated to protecting the privacy and personal data of users within the European Union, especially children under the age of 16 (or a lower age if permitted by the law of the member state). We recognize the importance of providing additional protection for children who engage with our services.
Therefore, we do not intentionally collect personal data from children under the age of 16 without obtaining prior consent from their parents or legal guardians. When processing the personal data of children, we adhere strictly to the requirements of the GDPR, ensuring that all data collection, storage, and processing practices are designed with the child’s best interest in mind. For services directed towards children under the age of 16 (or the applicable age of consent in the member state), we will take additional steps to verify parental consent, in accordance with GDPR requirements. If you are a parent or guardian and are aware that your child has provided us with personal information without your consent, please contact us immediately. We are committed to promptly addressing such concerns, including the removal of any inadvertently collected personal data and the cessation of any further processing.
Our Privacy Policy provides detailed information about our data processing practices regarding children, including the types of personal data we collect, the purposes for which we use it, how and when we obtain parental consent, and how parents can exercise their rights under the GDPR to access, rectify, or erase their child’s data from our records.

California Consumer Privacy Act (CCPA) Notice
At Tenacity Labs UG (Haftungsbeschränkt), we respect and protect the privacy of our users. This section of our Privacy Policy is dedicated to California residents and applies to them under the California Consumer Privacy Act (CCPA). If you are a resident of California, the following rights are available to you in relation to your personal information:
- Right to Know and Access
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Upon verification of your request, we will provide you with access to the specific pieces of personal information we have collected about you.
- Right to Deletion
You have the right to request the deletion of your personal information that we have collected from you, subject to certain exceptions as provided by law.
- Right to Opt-Out of Sale
Tenacity Labs UG (Haftungsbeschränkt) does not sell any personal information.
- Right to Non-Discrimination
You have the right not to receive discriminatory treatment for exercising any of your CCPA rights. We will not deny you goods or services, charge you different prices, or provide a different level or quality of goods or services just because you exercised your rights under the CCPA.

How to Exercise Your Rights
Calling us at: +4917631784538