Privacy Policy for the Data Monetization Platform
Status: 11th February 2025
1. Preamble
Welcome to the Datapods App! We consider the protection of your data and your privacy to be of the utmost importance.
2. Privacy Policy for the Data Monetization Platform Introduction
According to Art. 4 No. 1 GDPR, personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly. Further information on this can be found in Art. 4 No. 1 GDPR.
This Privacy Policy can be accessed, saved and printed.
Insofar as we cite our legitimate interest or a legitimate interest of a third party (Art. 6 para. 1 lit. f) GDPR) as the legal basis for the processing of personal data, you have the right to object in accordance with Art. 21 GDPR:
In accordance with Art. 21 GDPR, you have the right to object to the processing of personal data at any time. We will then no longer process the personal data for the purposes of direct marketing or related profiling.
We will also not process your personal data for other purposes following an objection, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims (see, for example, Art. 21 para. 1 GDPR, so-called “limited right to object”). In this case, you must provide reasons for the objection that arise from your particular situation.
You can also object to the processing of your personal data for reasons arising from your particular situation, for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 para. 1 GDPR, unless the processing is necessary for the performance of a task carried out in the public interest (see Art. 21 para. 6 GDPR).
We will also inform you separately about your right to object in the individual sections (e.g. by stating: "You have the right to object"), if this right exists. There you will also find further information on exercising your right to object.
In order to keep the following Privacy Policy concise, we provide links at various points to information and data protection notices on external websites. We make every effort to keep the links that we list in this privacy policy up to date. Nevertheless, due to the constant updating of the websites, it cannot be ruled out that links may not function correctly. If you notice such a link, we would be pleased if you let us know so that we can update the link.
3. Who is responsible for processing my personal data and how can I contact the data protection officer?
You can contact our data protection officer by email at finn@datapods.app.
The controller within the meaning of Art. 4 No. 7 GDPR for the processing of personal data is:
Datapods GmbH
Kölnstraße 179b, 53111 Bonn Germany
E-mail: kontakt@datapods.app
represented by: Jakob Endler, Lukas Stein, Finn Rübo, David Goldschmidt.
Additional data controllers may be added as part of the data licensing process. In this case, Datapods will notify you in advance and handle the informal exercise of your data rights for you.
4. What categories of data do we process as Datapods and where do they come from?
We process your personal data (e.g. from your requests submitted to us, such as downloading our application) in connection with the delivery of Datapods services. The extent to which we collect, process and use this data depends on the services provided by Datapods. This is usually the following data in particular:
- First name and surname,
- date of birth,
- place of birth,
- e-mail addresses,
- postal address,
- cell phone number,
- nationality,
- IP address.
When processing your personal data, we differentiate between personal data that we collect directly from you and personal data that we receive from other sources.
4.1 Personal data that we collect directly from you
We collect the personal data that you provide to us when downloading our application (“Datapods App”) or when using Datapods, as well as data that is transmitted via interfaces of the companies for which we offer a portability or download function. We also collect personal data that we request from you for the proper delivery of Datapods. Please refrain from transmitting your data if you do not agree to it being processed. In this case, no further processing will take place.
4.2 Personal data that we receive from other sources
We use data collected by third-party companies for data processing that we receive via portability and download functions of respective companies. This data is transferred to servers in Amsterdam, Netherlands, where it is categorized and encrypted. The encrypted data is stored in our database operated by Supabase (data center in Frankfurt, Germany). We have concluded data processing contracts with the operators of these data centers. Your third-party user data is encrypted at rest with AES-256 and stored in our databases on Supabase servers that are certified according to SOC2 type 2. During transmission, the data is encrypted using TLS. Sensitive information such as access tokens and keys is encrypted at the application level before it is stored in the database.
You can find out more about the third-party companies and the data we receive from them in our Privacy Policy for the Datapods App.
5. Who has access to my personal data?
Our systems are developed according to the principles of privacy by design. We ensure that our employees only have access to the personal data that is absolutely necessary to provide our services. Our employees generally do not have access rights to your personal data that is processed in the Datapods App and allows identification (such as personal details, third-party company data or usage data). The only exceptions are developers who work on the database as part of the tasks listed below ("Authorized Personnel"). All available data is stored in encrypted form in our Supabase database (data center in Frankfurt, Germany).
There are some exceptions to this principle of privacy by design in which Authorized Personnel may access your personal data:
- Support requests: if you contact our support, it may be necessary for Authorized Personnel to access your personal data to help you resolve issues.
- Explicit consent: If you provide us with personal data within the Datapods App with explicit consent, e.g. to optimize our data analysis or to improve our services.
- Regulatory requirements: Where we are required to do so by law or regulation, for example as part of requirements to combat money laundering or terrorist financing.
- Contract processing: To ensure the proper processing of the services of the Datapods App, Authorized Personnel may access the personal data required to carry out the process (e.g. pseudonymization key or order status).
- Data Monetization Platform: When passing on your data to cooperation partners via the Data Monetization Platform, it may be necessary for Datapods to access your data in order to facilitate the transfer. The data will only be passed on in accordance with your granular consent settings.
- Further development and maintenance: To be able to continuously offer the services of the Datapods App, to improve them and to be able to develop and offer new functions.
6. What is the purpose and the legal basis of processing my personal data?
6.1 To fulfill our contractual obligations, Art. 6 para. 1 lit. b) GDPR.
This data is collected:
- to provide a mobile application with which you can log into your user accounts of third party companies and retrieve data from them via dedicated interfaces, e.g. Google Takeout,
- for the automated creation of categorizations and analyses based on the provided third-party user account data (e.g. Chrome history, YouTube history, location data),
- to visualize and analyze your data within the Datapods App,
- to answer queries relating to the provision of the Datapods App,
- to manage and analyze your data and to improve the services we offer,
- to conclude and manage Data License Agreements with our Cooperation Partners,
- to conclude and manage Analysis Services for Cooperation Partners based on your data,
- for forwarding to service providers for the purpose of carrying out an identity check in compliance with money laundering regulations, if necessary,
- to fulfill regulatory requirements to which we are subject, in particular to combat money laundering and terrorist financing.
If necessary, we process your personal data at your request for the purpose of arranging, fulfilling and/or terminating a contract to be concluded with us or subsequently concluded or another contract to which you are a party. In particular, we create a file for your identification when you contact us for the purpose of providing the contractually agreed service. In order to fulfill the contract, we also create needs analyses, manage and service your contract or improve these processes.
6.2 To fulfill our legal obligations, Art. 6 para. 1 lit. c) GDPR.
We may collect and process your personal data in order to comply with legal obligations to which we are subject. This includes, for example, compliance with regulatory requirements or legal requirements that apply to the performance of our services.
6.3 To protect our legitimate interests and the interests of other controllers or third parties in data processing, Art. 6 para. 1 lit. f) GDPR.
We process your personal data to protect our legitimate interests where this is necessary. This includes:
- the improvement and further development of our app and services,
- carrying out security analyses to ensure the security of your data,
- processing support requests and ensuring the proper operation of the app,
- the sending of advertising information, unless you have objected to this,
- conducting market and opinion research in order to better adapt our services to the needs of our users,
- the assertion and defense of legal claims.
6.4 To process your data based on your consent, Art. 6 para. 1 lit. a) GDPR.
If you have given us your explicit consent, we will process your personal data for specific purposes agreed by you. These may include the following:
- the transfer of special categories of personal data to our Cooperation Partners.
- the transfer to Cooperation Partners for use in the context of direct advertising.
7. Will my data be shared with third parties?
Your data will be passed on to our Cooperation Partners for various processing purposes to the extent you have set. Before each transfer, we will inform you in detail about the cooperation partner approved by us and the processing purposes for which the cooperation partner wishes to use your data. Between the conclusion of the Data License Agreement with our Cooperation Partner and your notification thereof and the disclosure of your data, a minimum period is set during which you can object to the disclosure and processing of your data, revoke any consent you may have given to the processing of the data or terminate individual business relationships or the entire business relationship with Datapods. This is also necessary at any time after the data has been passed on and Datapods will ensure that your personal data is deleted from the database of all cooperation partners and, if applicable, from its own database. Exceptions to this are those personal data that are necessary for processing, the protection of Datapods' legitimate interests and compliance with legal requirements.
The data will only be passed on to Cooperation Partners who are based in the EU, in a country for which an adequacy decision has been issued by the EU Commission or who undertake to comply with the European level of data protection in the form of Standard Contractual Clauses.
Identification option:
- Pseudonymized, i.e. the data is made available in such a way that it cannot be attributed to you as an individual person without additional information.
- Pseudonymized with the possibility of re-identification, i.e. the data is made available in such a way that your contact data (e-mail address, phone number, MAID) cannot be used to contact you, but that the data from Datapods can be merged with existing customer data of the Cooperation Partner via its hash value.
- Plain data, i.e. the data is made available in such a way that it can be directly assigned to you as an individual person.
Contact option:
- No contact option, i.e. the data is made available in such a way that the Cooperation Partner is not allowed to contact you.
- Personalized advertising, i.e. the data is made available in such a way that the Cooperation Partner can address you specifically in the context of online advertising without being able to use your contact data (address, telephone number) or being allowed to do so (hashed e-mail).
- Direct advertising, i.e. the data is made available in such a way that the Cooperation Partner can contact you directly, e.g. as part of e-mail or telephone advertising. This requires additional voluntary consent from you for each transaction.
Special usage options:
- Non-commercial use, i.e. when concluding Data Licensing Agreements with non-profit Cooperation Partners who want to use this data for non-profit research purposes, Datapods does not try to increase profit for you but to maximize positive social effects.
- Special categories of personal data, i.e. the following data may be made available to Cooperation Partners:
  - Ethnic origin.
  - Political opinions.
  - Religious or philosophical beliefs.
  - Trade union membership.
  - Genetic data.
  - Biometric data for the purpose of uniquely identifying a natural person.
  - Data concerning health.
  - Data concerning a natural person’s sex life or sexual orientation.

  This requires additional approval from you for each individual transaction.
- Data Dividend, i.e. you will also receive a refund for the sale of Analysis Services for the creation of which your data was used, but for which your data was never passed on to Cooperation Partners and is therefore completely anonymized. The amount of the percentage reimbursement is variable, depending on the costs incurred by Datapods for the creation and distribution of the corresponding Analysis Service.
8. Which companies do we contact to import the personal data in the Datapods App?
You can find out more about the third-party companies and the data they collect when exporting your data in our Privacy Policy for the Datapods App.
9. Which third-party providers do we use to provide functions in the Datapods App?
In order to provide you with the Datapods App and its functions, we use the services of various third-party providers to whom we transfer certain personal data. The provision of your personal data is neither legally nor contractually required. However, if you do not provide it, you will not be able to use certain essential features of our Datapods App.
You can find out more about the third-party providers that we use to provide the Datapods app in our Privacy Policy for the Datapods App.
10. What other data is collected by using third party providers to improve Datapods?
To further improve the Datapods App for you, we use third-party providers to help us understand which functions you use and how you use them. This allows us to better plan new features and improve existing features for you. Providing your personal data is neither legally nor contractually required. However, if you do not provide it, you will not be able to use certain features of our Datapods App.
You can find out more about the third-party providers that we use to improve the Datapods App in our Privacy Policy for the Datapods App.
11. For how long will my data be stored?
We only process personal data for as long as is necessary to fulfill our contractual and legal obligations. For example, data processing is necessary for the performance and execution of the contract, including the defense and enforcement of civil law claims within the relevant limitation periods. Under sections 195 et seq. of the German Civil Code, the limitation periods can be up to thirty years; the regular limitation period is three years. In addition, the retention obligations under commercial law, tax law and other statutory retention obligations must be observed. The retention/documentation periods stipulated there are six to ten years plus the limitation period for assessment of a further four years. In order not to violate legal regulations or lose the opportunity to enforce a claim or defend ourselves against such a claim, we reserve the right to delete some data only after the expiry of the last period that legitimizes the data storage. This does not apply to your personal data that we receive from third-party companies, which we generally delete immediately after termination of the User Agreement for the Data Monetization Platform.
12. Can I object to the processing of my personal data?
If we process your data for legitimate interests, you can object to this processing on grounds relating to your particular situation. You have the right to object to the processing of your personal data for direct marketing purposes without giving reasons; this also applies to profiling insofar as it is associated with such direct marketing. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims.
Withdrawal of consent:
You can withdraw your consent to the processing of your personal data in whole or in part at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. However, in the event of full or partial withdrawal, you may not be able to continue to use the Data Monetization Platform in full or in part.
Objection to the Data License Agreement:
Before and during Data Licensing to a Cooperation Partner, you can exclude one or more Cooperation Partners from further processing your data. Datapods will then arrange for your data to be deleted by this Cooperation Partner. The objection does not affect processing on the basis of contract fulfillment until the objection is made.
Termination of the User Agreement:
After concluding the User Agreement, you have the right to terminate the contract with Datapods for the monetization of your data via the Data Monetization Platform at any time. In this case, Datapods will arrange for your data to be deleted by all Cooperation Partners. Your data will then no longer be marketed to Cooperation Partners on the Data Monetization Platform.
13. Where can I lodge a complaint?
If you are of the opinion that the processing of your personal data by us is unlawful or that we are violating data protection law for other reasons, you can complain to the supervisory authority responsible for us:
North Rhine-Westphalia State Commissioner for Data Protection and Freedom of Information
P.O. Box 20 04 44, 40102 Düsseldorf, Germany
Telephone: 0211/38424-0
Fax: 0211/38424-10
E-mail: poststelle@ldi.nrw.de
14. Am I obliged to provide my data?
We do not make the conclusion of contracts with us dependent on you providing us with personal data beforehand. As a customer, you are under no legal or contractual obligation to provide us with your personal data. However, if you do not provide us with any data for monetization purposes as part of the Data Monetization Platform, we will only be able to provide certain services to a limited extent or not at all. This is the case for the Data Monetization Platform. If you register for the Data Monetization Platform without having provided any data, we will inform you of this before concluding the User Agreement and reserve the right not to enter into the contract with you in order to minimize any costs incurred on our part.
15. What are my rights as a data subject?
You have the right:
- to request information as to whether and, if so, which personal data concerning you is being processed, Art. 15 GDPR;
- to request the rectification of inaccurate personal data or the completion of incomplete personal data, Art. 16 GDPR;
- to obtain from us the erasure of personal data concerning you without undue delay, provided that the conditions set out in Art. 17 GDPR are met;
- to demand the restriction of the processing of your personal data, insofar as Art. 18 GDPR provides for this;
- to receive the personal data concerning you in a format that meets the requirements of Art. 20 para. 1 GDPR;
- to data portability under the conditions set out in Art. 20 para. 1 lit. a, b GDPR;
- not to be subject to a decision based solely on automated processing – including profiling – if a decision has only been made in an automated process and this decision significantly affects you. In the event of a rejection, the decision will be reviewed manually by us after you have informed us of your considerations and objections to the decision made in the automated process and requested the manual review, Art. 22 para. 1, 3 GDPR. In addition, you are entitled to view the criteria for the decision.
For requests of this kind, please contact kontakt@datapods.app. Please note that we must ensure that we are actually dealing with the data subject for such requests.
Automated decision-making does not take place in our app.