Privacy Policy - TreffPunkts

TreffPunkts is a platform that connects people for real-world activities. Because of that, data processing goes beyond ordinary website use and includes profile data, event and participation data, user communications, location-related features and safety measures.

1. Controller

The controller for data processing is:
Mohammad Mirzakhanidehkordi
Sole proprietor trading as KorrektCode
Scharrnstraße 2
38100 Braunschweig
Germany

Email: info@treffpunkts.de
Phone: +49 531 38763070
WhatsApp Business: +49 151 2318 0596

No data protection officer has currently been appointed because, based on the current setup, there is no statutory obligation to do so.

2. Categories of data processed

Account data such as name, display name, email address, login and verification information
Profile data such as biography, interests, profile picture, preferences and other voluntary information
Event data such as title, description, place, time, images, categories and visibility settings
Participation and interaction data such as registrations, requests, participant lists, reviews and reports
Communication data such as direct messages, event-related messages and support requests
Location-related data to the extent entered by you or used for maps or place-based functionality
Technical data such as IP address, browser and device data, logs, timestamps and security events
Consent and preference data, especially for cookies, language settings and notifications

3. Purposes and legal bases

We process personal data in particular for the following purposes:

Providing the platform, registration, login and account management based on Art. 6(1)(b) GDPR
Providing profiles, activities, participation, reviews and community features based on Art. 6(1)(b) and Art. 6(1)(f) GDPR
Providing chat, contact and notification features based on Art. 6(1)(b) GDPR
Abuse prevention, moderation, IT security, enforcement of terms and assertion of legal claims based on Art. 6(1)(f) GDPR
Compliance with legal obligations based on Art. 6(1)(c) GDPR
Analytics, advertising and marketing services only after prior consent based on Art. 6(1)(a) GDPR and applicable cookie law

4. Registration and user account

When you create an account, we process your registration data in order to create your account, provide login functionality, protect account security and enable the platform features you use.

5. Profiles, activities and user-generated content

TreffPunkts relies on user-generated content. When you fill out a profile, create activities, upload images, participate, leave reviews or publish content, we process that data to provide the relevant function.

Depending on your settings and the feature involved, such data may be visible to other users. This can include in particular your profile name, profile picture, event details, event location, participation or other interactions on the platform.

6. User-to-user communications

If direct messaging, chat or contact functions are available, we process communication content and related metadata in order to provide messaging, prevent abuse and investigate security incidents.

7. Location and maps

Location data is processed when you actively provide a place, create activities with a location, use map functions or search in place-based views. Precise location data is not processed without your active input or triggered use of the feature.

8. Visibility to other users

A core function of the platform is connecting users with each other. For that reason, personal data that you provide in your profile, in an activity, in participation or in communications may become visible to other users as part of the intended functionality.

9. Safety, moderation and real-world meetings

Because TreffPunkts may facilitate offline meetings, we also process data for abuse detection, moderation, complaint handling and mitigation of safety risks. The platform only provides the technical infrastructure; users remain responsible for their conduct and decisions in real-world interactions.

10. Service providers and recipients

We use technical service providers to operate the platform. This may include in particular:

Hosting and backend infrastructure providers for the website and API
Firebase / Google for authentication, database, storage and push messaging functionality
Google Maps or related Google services for maps and place features
Google Analytics, but only after consent, for audience measurement
Google AdSense, but only after consent, for advertising placements

Personal data is shared only to the extent necessary to operate the platform, comply with legal obligations or protect legitimate interests.

11. International data transfers

When using Google or Firebase services, personal data may be transferred to recipients outside the EU or EEA. Such transfers take place only on the basis of appropriate safeguards under Art. 44 et seq. GDPR, in particular standard contractual clauses or other recognized transfer mechanisms.

12. Cookies, consent, analytics and advertising

We use necessary storage or cookie technologies to keep the website secure and functional. Analytics and advertising services are loaded only after you have granted consent.

You can make your cookie choice via the consent banner. The legal basis for strictly necessary technologies is the applicable legal rule for necessary storage/access together with Art. 6(1)(f) GDPR; for analytics and advertising, the legal basis is your consent under the applicable cookie rules and Art. 6(1)(a) GDPR.

13. Retention periods

We store personal data only as long as necessary for the relevant purposes, as long as statutory retention obligations apply or as long as legitimate interests in documentation, security or legal defense exist.

Account data generally for the duration of the user account
Profile, activity and communication data generally for the duration of the relevant feature or until deletion or justified removal
Log and security data for as long as necessary for investigation and IT security

14. Your rights

You have the following rights under the GDPR, subject to the statutory conditions:

Right of access (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure (Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object to processing based on legitimate interests (Art. 21 GDPR)
Right to withdraw consent with effect for the future

15. Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority, especially in the member state of your habitual residence, place of work or the place of the alleged infringement.

16. Changes to this Privacy Policy

We may update this Privacy Policy if legal requirements, technical processes or platform features change.