Privacy Policy – App PaPi
1. Controller
The controller responsible for data processing in the PaPi app is:
Michele Lipski
International Business Management (Sole Proprietorship)
Wegedornstraße 271
12524 Berlin
Germany
E-Mail: papi.world.app@gmail.com
No data protection officer has been appointed.
2. Data Collected
The PaPi app processes the following personal data of users:
– Profile data: profile name
– Contact data: phone number, e-mail address
– Payment data: e.g. credit card details, bank details or payment information via external
payment providers
– Usage data: information about the use of the app (e.g. log files, interactions, device data)
3. Purposes of Processing
Data is processed exclusively for the following purposes:
– Provision of the app and its functions
– Communication with users
– Payment processing
– IT security, prevention of misuse and fraud
4. Legal Bases for Processing
The processing of personal data in the PaPi app is based on the GDPR:
– Contract performance (Art. 6 (1) lit. b GDPR)
– Legal obligation (Art. 6 (1) lit. c GDPR)
– Legitimate interest (Art. 6 (1) lit. f GDPR)
5. Disclosure to Third Parties and Processors
External service providers are used to operate the PaPi app:
– Firebase (Google Ireland Limited): hosting, authentication, database
– Twilio (Twilio Ireland Limited): SMS and phone number verification
– Stripe (Stripe Payments Europe, Ltd.): payment processing
Data will not be passed on to other third parties unless required by law.
6. Storage Period and Deletion
– Profile and contact data: until the user account is deleted or after 1 year of inactivity
– Payment and invoice data: 10 years (legal retention period)
– Uploaded content: until deleted by the users themselves or upon deletion of the account
7. User Rights
Users have the following rights under the GDPR:
– Right of access (Art. 15 GDPR)
– Right to rectification (Art. 16 GDPR)
– Right to erasure (Art. 17 GDPR)
– Right to restriction of processing (Art. 18 GDPR)
– Right to data portability (Art. 20 GDPR)
– Right to withdraw consent (Art. 7 (3) GDPR)
– Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
8. International Data Transfers
When using Firebase and Twilio, personal data may be transferred to the USA.
The transfer is based on the EU Commission’s Standard Contractual Clauses (Art. 46 GDPR).
However, access by US authorities cannot be completely ruled out.
9. Payouts
Payouts to users are made within 2 weeks after confirmation of the payout in the app.
10. Changes to this Privacy Policy
We reserve the right to amend or update this Privacy Policy at any time with effect for the future.
The current version is always available in the app. Users will be informed of significant changes
in an appropriate manner.