Privacy Policy

LYNQ GmbH & Co. KG, Josephinenstr. 17, 40212 Dusseldorf, Germany (hereinafter referred to as "LYNQ", "we" or "us") operates a geolocation-based social networking application with an associated database (hereinafter referred to as the "Service"). The Service enables users to discover and connect with other users nearby for personal and professional purposes via mobile app.

This Privacy Policy explains how we collect, use, and protect your personal data when you use the LYNQ app and website. All processing is carried out in accordance with applicable data protection law, in particular the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the German Telecommunications Digital Services Data Protection Act (TDDDG).

References to defined terms in this policy follow Art. 4 GDPR.

‍

1. Controller

The controller within the meaning of Art. 4(7) GDPR is:

LYNQ GmbH & Co. KG
Josephinenstr. 17
40212 Düsseldorf
Germany

Email: privacy@lynq.me

‍

2. Data Protection Officer (DPO)

In accordance with Art. 37 GDPR and Sec. 38 BDSG, the Provider has appointed a Data Protection Officer. The Data Protection Officer can be contacted at:

Email: dpo@lynq.me

Postal address: Data Protection Officer, LYNQ GmbH & Co. KG, Josephinenstr. 17, 40212 Dusseldorf, Germany

You may contact the Data Protection Officer directly and confidentially. The Data Protection Officer is bound by professional secrecy and may not be instructed by the Provider in the performance of their duties.

‍

3. Legal Bases for Processing

The Provider processes personal data on the following legal bases:

a. Contract performance (Art. 6(1)(b) GDPR): Processing is necessary to provide the Service as described in the Terms of Use, including core app features such as profile display, user discovery, geolocation-based matching, AI-powered recommendations, and personalised introductions. These features are integral to the Service and cannot be disabled without fundamentally altering the nature of the contractual relationship.

b. Legitimate interests (Art. 6(1)(f) GDPR): Processing is necessary for purposes of the Provider's legitimate interests, including the security and integrity of the Service, fraud prevention, analytics for product improvement, and the technical operation of the platform, provided such interests are not overridden by the data subject's interests or fundamental rights and freedoms.

c. Consent (Art. 6(1)(a) GDPR): For processing activities that are not necessary for the performance of the contract and for which no other legal basis applies, the Provider relies on the User's freely given, specific, and informed consent. Where consent is the legal basis, you have the right to withdraw it at any time (see Section 10).

d. Legal obligation (Art. 6(1)(c) GDPR): Where processing is required to comply with a legal obligation to which the Provider is subject, including applicable tax, commercial, and regulatory laws.

Where the Provider relies on legitimate interests as the legal basis, the Provider has carried out a balancing test to ensure that such interests are not overridden by the interests, rights, or freedoms of data subjects. Documentation of these assessments is available on request from the Data Protection Officer.

‍

4. Data We Collect

In order to operate its geotracking-based social media app and to be able to offer products and services described on the LYNQ website, in particular at www.lynq.app and www.lynq.me, the Provider requests information from the User and automatically collects data about the User’s use of the LYNQ app. In addition, the Provider requests the release of the location data of the User’s mobile device (e.g., smartphone) if this is activated via the LYNQ app and required for benefits and services. These data protection provisions regulate which personal data the Provider may collect from the User and what the Provider will or will not do with this data.

a. Registration and profile data: When you create a LYNQ account, you provide personal data including your mobile phone number, first name, surname, photographs, profession,employer, industry, hometown, languages spoken, interests, favorite activities, favorite places, and links to external profiles (such as Instagram, LinkedIn, or personal websites). Authentication is performed via one-time SMS codes; no password is stored.

b. Location data: With your permission, the Provider collects your precise GPS location to enable geolocation-based features including discovery of nearby users, events, and places. The Provider also derives and retains your city-level location history for contextual features as described in Section 15.

c. Usage and interaction data: The Provider automatically collects data about how you use the Service, including: features accessed, profiles viewed, search queries entered and filters applied, LYNQ requests sent and received, events and circles joined or created, Places marked or visited, in-app messages and notifications, session duration and frequency, and membership and feature usage patterns.

d. Technical data: The Provider collects device and network information including IP address, device type and model, operating system and version, app version, browser type, language settings, and diagnostic data. User name and password are not collected; login is handled via SMS verification code.

e. Contact data: With your explicit permission, the Provider temporarily processes your device contact list solely to identify which of your contacts are already registered on LYNQ and to enable you to invite selected contacts. Contact data is not stored beyond the duration necessary for this function and is never shared with third parties or used for advertising.

f. Communication data: Content of messages sent and received between users via the in-app messaging system.

‍

5. How We Use Your Data

The Provider uses your personal data for the following purposes:

a. Providing the Service: Enabling user registration, login, profile display, and account management; displaying your profile to other users in accordance with your privacy settings; enabling geolocation-based user discovery, event participation, and circle membership.

b. AI-powered personalisation: Generating personalised recommendations of users, events, circles, and places; creating profile introduction texts; and powering other intelligent in-app features as further described in Sections 6 and 7. This processing is necessary for the performance of the contract (Art. 6(1)(b) GDPR) as AI-driven personalisation is a core, integral feature of the Service.

c. City arrival notifications: Notifying you when contacts are nearby in cities you visit, as further described in Section 14.

d. Communication: Sending service notifications, security alerts, and information relevant to your account and membership.

e. Payments and billing: Processing membership payments, issuing invoices and payment confirmations, and managing subscription status.

f. Security and integrity: Detecting and preventing fraud, abuse, spam, and violations of theTerms of Use; conducting content moderation as described in Section 15.

g. Analytics and improvement: Analysing aggregate usage patterns to improve the Service, develop newfeatures, and ensure technical stability.

h. Legal compliance: Fulfilling legal obligations under applicable law.

‍

6. AI Language Model Services

To deliver intelligent and personalised features within the Service, the Provider uses AI language model services from the following third-party providers (collectively "AI Services"):

OpenAI, Inc. (via OpenAI Ireland Ltd., 1 Cumberland Place, Fenian Street, Dublin 2, Ireland) - services include theChatGPT and GPT API.

Anthropic, PBC, 548 Market St, San Francisco,CA 94104, USA - services include the Claude API.

Google Ireland Limited, Gordon House,Barrow Street, Dublin 4, Ireland - services include the Gemini API.

These AI Services are used for the following purposes:

a. Profile introductions: AI-generated introductory texts are created to help users present themselves to the community. This uses profile data you have provided, including name, profession, hometown, and stated interests.

b. Personalised recommendations: AI Services analyse user profile data and in-app behaviour to generate contextually relevant recommendations of other users, events, circles, and places. The data processed for this purpose includes: name and profile information; profession, industry, and professional fields; current location and recently visited cities; in-app search queries and filters applied; profiles viewed and interaction history; Circle memberships and event participation; stated interests, favorite activities, and favorite places; languages; and LYNQ contact connections.

c. City arrival and proximity features: AI Services assist in identifying contextually relevant connection opportunities when a user arrives in a city, drawing on location data and contact relationships as further described in Section 14.

d. Search interpretation: AI Services interpret free-text search queries to deliver relevant results across users, events, circles, and places.

e. Other in-app intelligence:AI Services may support additional personalisation, quality, and safety features within the Service.

The legal basis for AI processing described in this section is the performance of the contract pursuant to Art. 6(1)(b) GDPR, as these AI-powered features constitute a core and integral part of the Service. Where processing goes beyond contract performance, the legal basis is the Provider's legitimate interests pursuant to Art. 6(1)(f) GDPR in providing a high-quality, personalised social networking service.

Data minimisation: Only data categories necessary for the specific function are transmitted to AI Services in each individual request. The Provider does not transmit data in excess of what is required for the stated purpose.

Data processing by AI Services: Each AI Service provider processes data as a processor under Art. 28 GDPR. The Provider has concluded Data Processing Agreements (DPAs) with each provider. API-processed data is not used by these providers to train their models outside of the DPA terms. Transmitted data is retained by each provider only for the period specified in the applicable DPA(typically up to 30 days) and is then deleted from provider systems.

International transfers: All three AI Service providers are based in or transfer data to the United States. Transfers are safeguarded as follows:

OpenAI: Standard Contractual Clauses (SCC) pursuant to Art. 46(2)(c) GDPR, via OpenAI Ireland Ltd. as the EU-established entity.

Anthropic: Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR and Anthropic's participation in the EU-U.S. Data Privacy Framework (DPF).

Google: Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR and Google's participation in the EU-U.S. Data Privacy Framework (DPF).

Further information on each provider's data protection practices:

OpenAI: https://openai.com/policies/privacy-policy/

Anthropic: https://www.anthropic.com/privacy

Google: https://policies.google.com/privacy

‍

7. Personalised Recommendations and Profiling

To deliver personalised content and recommendations within the Service, the Provider processes personal data about user behaviour, preferences, and activity. This constitutes profiling within the meaning of Art. 4(4) GDPR.

Data used for profiling includes: In-app search queries and filters; profiles viewed, LYNQ requests sent and received; events and circles joined, created, or browsed; places marked as favorites or visited; location data (city-level) and proximity to other users; membership type and feature usage patterns; and time and frequency of app interactions.

Logic and purpose: This data is analysed, including with the assistance of the AI Services described in Section 6, to generate ranked recommendations of users, events, circles, and places that are statistically likely to be relevant to the user based on their activity patterns and profile attributes. Recommendations represent suggestions only. No profiling activity produces automated decisions with legal effect ordecisions of equivalent significance on the user. Users remain in full controlof all connection, participation, and engagement decisions.

Legal basis: The performance of the contract pursuant to Art. 6(1)(b) GDPR. Personalised recommendations are a core and integral feature of the Service. Processing your activity data to generate recommendations is necessary to provide the Service as described in the Terms of Use. Because this processing is based on contract performance rather than legitimate interests, the right to object under Art. 21 GDPR does not apply. If you do not wish your data to be processed for personalisation purposes, you may delete your account and discontinue use ofthe Service.

‍

8. Automated Processing and AI Features

The Provider employs automated processing, including artificial intelligence, for the following purposes within the Service:

a. Personalised recommendations: As described in Section 7. Recommendations are non-binding suggestions.

b. Profile introductions: AI-generated introductory texts as described in Section 6(a). You retain the ability to review, edit, or decline any generated introduction.

c. Search interpretation: Automated interpretation of search queries to deliver relevant results.

d. Content moderation:Automated systems and, where necessary, human moderators may review user-generated content to detect potential violations of the Community Guidelines or applicable law. Where automated moderation results in content restriction or account action, you have the right to request human review by contacting support@lynq.me.

None of the automated processing described in this section constitutes solely automated decision-making with legal or similarly significant effects within the meaning of Art. 22(1) GDPR. All decisions with significant consequences for users are subject to human oversight.

The Provider uses Stream.io, provided by Stream.io Inc., 350 Interlocken Blvd, Suite 200, Broomfield, CO 80021, USA, to enable messaging between usersand to deliver in-app notifications.

Transparency under the EU AI Act: The Provider is preparing for full compliance with the EU AI Act transparency requirements applicable from August 2026, including disclosure of AI-generated content and notification of AI-mediated interactionswhere required.

Right to contest: If you believe an automated system has treated you unfairly or incorrectly, you may request human review by contacting support@lynq.me. We will respond within 30 days.

‍

9. Infrastructure and Cloud Services

a. Amazon Web Services (AWS): The LYNQ application is hosted on the Amazon Web Services cloudplatform provided by Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg. All personal data is stored and processed exclusively on AWS servers located within the European Union. AWS is certified to ISO 27001, SOC 1, SOC 2, and SOC 3 standards. AWS acts as a processor pursuant to Art. 28GDPR. The Provider has concluded a Data Processing Agreement with AWS. No independent access to stored data is granted to AWS beyond what is required for infrastructure provision. Further information: https://aws.amazon.com/privacy/

b. MongoDB: User data is stored in MongoDB database services provided by MongoDB, Inc., 1633 Broadway, 38th Floor, New York, NY 10019, USA, with processing exclusively on servers in the European Union. MongoDB acts as a processor pursuant to Art. 28 GDPR. Processing is carried out on the basis of Standard Contractual Clause sensuring an adequate level of data protection. Further information: https://www.mongodb.com/legal/privacy/privacy-policy

‍

10. Messaging and Notification Services

The following data is transmitted to Stream.io for this purpose: user ID; user display name; profile photograph; content of messages sent and received (text and images); notification content.

Where the Provider integrates Google Maps and Google Places features, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, these services may process your IP address and, where location services are active and you have given permission, your location data.

The legal basis is the performance of the contract pursuant to Art. 6(1)(b) GDPR. Stream.io acts as a processor pursuant to Art. 28 GDPR. The Provider has concluded a Data Processing Agreement with Stream.io. Data transfers to the USA are safeguarded by Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR.

Further information: https://getstream.io/legal/privacy/

‍

11. SMS Authentication Services

The Provider uses the following third-party services to deliver one-time SMS authentication codes to users:

a. Vonage: The SMS service of Vonage Holdings Corp. (via Vonage Communications Ltd., 7 Savoy Court, London, WC2R 0EX, UK) is used to transmit authentication codes. The following data is transmitted to Vonage for this purpose: the mobile phone number provided by the user; an individually generated one-time authentication code. Vonage acts as a processor pursuant to Art. 28 GDPR. The Provider has concluded a Data Processing Agreement with Vonage. Further information: https://www.vonage.com/legal/privacy-policy/

b. Google Firebase Authentication: The Provider also uses Google Firebase Authentication, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to deliver SMS-based one-time authentication codes. The following data is transmitted to Google for this purpose: the mobile phone number provided by the user; an individually generated one-time authentication code; device and session metadata required for fraud prevention and abuse detection. Google Ireland Limited acts as a processor pursuant to Art. 28 GDPR. The Provider has concluded a Data Processing Agreement with Google. Data transfers to the USA are safeguarded by Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR and Google's participation in the EU-U.S. Data Privacy Framework. Further information: https://firebase.google.com/support/privacy

By providing their mobile phone number during registration, the user agrees to receive authentication SMS messages from LYNQ via either of the above providers. The legal basis for both services is the performance of the contract pursuant to Art. 6(1)(b) GDPR and the legitimate interests of the Provider pursuant to Art. 6(1)(f) GDPR in providing a secure and reliable authentication mechanism.

‍

12. Maps and Location Services

If you are logged into a Google account when using map features, your data may be associated with that account by Google. The legal basis is the performance of the contract pursuant to Art. 6(1)(b) GDPR for map-dependent features and legitimate interests pursuant to Art. 6(1)(f) GDPR. The Provider has concluded a Data Processing Agreement with Google pursuant to Art. 28 GDPR. Datatransfers to the USA are safeguarded by Standard Contractual Clauses and Google's participation in the EU-U.S. Data Privacy Framework.

Further information: https://policies.google.com/privacy

‍

13. App Distribution Platforms

The legal bases are legitimate interests pursuant to Art. 6(1)(f) GDPR and, where applicable, contract performance pursuant to Art. 6(1)(b) GDPR. Further information: https://www.apple.com/legal/privacy/

a. Apple App Store and App Store Connect: The LYNQ application is distributed via the Apple App Store, operated by Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA. As part of app distribution, the following data may be processed by Apple: user ID; diagnostic data; unique device identifier for advertising; purchase history; usage data; product interactions; search history; identifier for vendor (IDFV); universally unique identifier (UUID). App Store Connect provides the Provider with aggregated analytics data about app performance and user interactions. Analytics data from App Store Connect is only made available to the Provider where the user has consented to share diagnostics and usage data with Apple in their device settings.

b. Google Play Store and Play Console: The LYNQ application is also distributed via the Google Play Store, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. As part of app distribution, the following data may be processed by Google: user ID; diagnostic data; unique device identifiers; purchase history; usage data; product interactions. Play Console provides the Provider with aggregated analytics data where the user has consented to share this information. The Provider has concluded a Data Processing Agreement with Google pursuant to Art. 28 GDPR. Transfers to the USA are safeguarded by Standard Contractual Clauses and Google's participation in the EU-U.S. Data Privacy Framework. Further information: https://policies.google.com/privacy

‍

14. Device Permissions

a. Location access: With your explicit permission, the Provider accesses your device's precise GPS location to display nearby users, events, and places, and to enable geolocation-based features of the Service. The Provider updates your location on app start and when updating or visiting specific screens. The Provider also uses your location in the background to detect when you arrive in a new city, in order to notify your connections that you are nearby. This applies only in case this service is enabled in your app settings. Location data is transmitted to the Provider's servers only during active use of the app on specific screen interactions and/or when you cross a city boundary. The location is not tracked permanently. The Provider does not retain exact location histories. Only the cities visited are retained for contextual recommendation and notification features (see Section 5(c)). You can revoke location permission at any time through your device settings, which will disable geolocation-based features including city arrival notifications. The legal basis is the performance of the contract pursuant to Art. 6(1)(b) GDPR, as location access is a core function of the geolocation-based Service.

b. Contact access: With your explicit permission, the Provider may temporarily access your device contact list to identify which of your contacts are already registered on LYNQ and to enable you to invite selected contacts. Contact data is not stored beyond the duration necessary for this function and is never used for advertising or shared with third parties. Invitations are sent only after you manually select individual contacts. The legal basis is your consent pursuantto Art. 6(1)(a) GDPR.

c. Photo library access:With your explicit permission, the Provider accesses your photo library solely to allow you to select and upload images to your profile or events. Photos are accessed only when you actively initiate an upload. No other photos in your library are accessed, stored, or analysed. The legal basis is your consent pursuant to Art. 6(1)(a) GDPR.

‍

15. Content Moderation

To maintain a safe and lawful environment in accordance with the Provider's Community Guidelines and applicable law, the Provider monitors content shared within the Service. Moderation may be conducted by automated systems designed to detect harmful, inappropriate, or non-compliant content, and by human moderators who review flagged content.

The legal basis for content moderation is compliance with legal obligations pursuant to Art. 6 (1) (c) GDPR and the Provider's legitimate interests pursuant to Art.6 (1) (f) GDPR in operating a safe and lawful platform.

All moderation is performed in accordance with applicable data protection law and the Provider's internal governance policies. Moderators access user-generated content exclusively for the purpose of assessing compliance with Community Guidelines and applicable law.

If your content has been restricted or your account has been actioned and you believe this decision was made in error, you may request human review by contacting support@lynq.me. We will respond within 30 days.

‍

16. Cookies, Analytics, and Tracking Technologies

Cookies are small data files stored on your device. The Provider uses cookies and similar tracking technologies on its website and within the app in accordance with Sec. 25 TDDDG and Art. 6 GDPR.

Strictly necessary cookies: These cookies are required for the technical operation of the website, including session management and security. They do not require consent and are set on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR. They cannot be disabled without materially impairing website functionality.

Analytics and non-essential cookies: Cookies and tracking technologies used for analytics, performance measurement, and other non-essential purposes are only set or activated with your prior consent pursuant to Sec. 25(1) TDDDG and Art. 6(1)(a) GDPR. You may give, refuse, or withdraw consent at any time via the cookie consent banner on the website or the consent mechanism in the app.

a. Google Analytics:The Provider uses Google Analytics 4, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to analyse usage of its website and app. Google Analytics uses cookies and similar technologies to collect information about how users interact with the Service. Data including anonymised IP addresses may be transmitted to Google servers in the USA. The Provider has implemented Google Consent Mode v2; analytics data is only collected following your explicit consent. The transfer to the USA is safeguarded by Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR and Google's participation in the EU-U.S. Data Privacy Framework. The Provider has concluded a Data Processing Agreement with Google pursuant to Art. 28 GDPR. Legal basis: consent (Art. 6(1)(a) GDPR, Sec. 25(1) TDDDG). Further information: https://policies.google.com/privacy

b. Facebook SDK: TheProvider uses the Facebook SDK provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, for app analytics and content sharing features. The Facebook SDK may use device identifiers and similar tracking technologies to collect information about app usage and interactions. The following data may be transmitted to Meta: technical data(device type, operating system, app version); app usage data (features accessed); information about interactions with Facebook-integrated features. Meta is certified under the EU-U.S. Data Privacy Framework (DPF). The Provider has concluded a Data Processing Agreement with Meta pursuant to Art. 28 GDPR. Legal basis: consent (Art. 6(1)(a) GDPR, Sec. 25(1) TDDDG). You may withdraw consent by contacting privacy@lynq.me. Further information: https://www.facebook.com/privacy/policy/

If you prefer not to accept any cookies, you can configure your browser to block them. Please note that blocking strictly necessary cookies may impair the functionality of certain parts of the website.

‍

17. International Data Transfers

The Provider primarily stores and processes personal data within the European Union. Where data is transferred to third countries (including the United States), the Provider ensures adequate protection through one or more of the following mechanisms:

Standard Contractual Clauses (SCC) approved by the European Commission pursuant to Art.46 (2) (c) GDPR;

The EU-U.S. Data Privacy Framework (DPF) where the recipient is certified thereunder;

Other appropriate safeguards pursuant to Art. 46 GDPR.

A summary of transfer mechanisms by processor is provided within the relevant sections of this Privacy Policy (Sections 6, 9, 10, 11, 12, 13, 16). You may obtain copie sof applicable Standard Contractual Clauses by contacting privacy@lynq.me.

‍

18. Data Retention

The Provider retains personal data only for as long as necessary for the purposes described in this Privacy Policy or as required by applicable law.

Account and profile data is retained for the duration of your account and deleted within 30 days following account deletion or deactivation. Financial and invoice records are retained for 10 years in accordance with statutory obligations under Sec. 257 HGB and Sec. 147 AO. All other personal data is deleted or anonymised as soon as it is no longer necessary for the purpose for which it was collected.

‍

19. Data Security

In accordance with Art. 32 GDPR, the Provider has implemented appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, alteration, or disclosure. These measures include encryption of data in transit and at rest, access controls and authentication requirements, regular security assessments, and contractual security requirements imposed on all processors.

The LYNQ application is hosted exclusively on ISO 27001, SOC 1, SOC 2, and SOC 3 certified infrastructure. Despite these measures, no data transmission over the internet or electronic storage system can be guaranteed to be 100% secure.

‍

20. Data Sharing and Disclosure

The Provider does not sell personal data to third parties. Personal data is shared only in the following circumstances:

a. With processors: The Provider shares data with service providers acting as processors under Art. 28 GDPR (including those described in Sections 6, 9, 10, 11, 12, 13, 16 of this Privacy Policy) solely to the extent necessary to provide the Service. All processors are contractually bound to process data only on the Provider's documented instructions and to implement appropriate security measures.

b. With other users: Your profile information is visible to other users of the Service in accordance with your privacy settings. By default, profile information is visible to all users of the Service. You may restrict visibility of certain information (such as precise distance) in the app settings.

c. Legal requirements: Where required by applicable law, court order, or a binding request from a competent governmental or regulatory authority, including law enforcement authorities.

d. Business transfers: In the event of a merger, acquisition, or transfer of all or substantially all of the Provider's assets, personal data may be transferred to the acquiring entity, subject to the same data protection obligations set out in this Privacy Policy.

e. Protection of rights: Where necessary to protect the Provider's legal rights or to prevent imminent harm to users or third parties.

f. Aggregated or anonymised data: The Provider may share aggregated, anonymised data that does not identify individual users with business partners for analytics and service improvement purposes.

‍

21. Data Breach Notification

In the event of a personal data breach, the Provider will assess the risk to data subjects and, where required by Art. 33 GDPR, notify the competent supervisory authority without undue delay and in any event within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to the rights and freedoms of data subjects, the Provider will also notify affected individuals directly in accordance with Art. 34 GDPR, without undue delay and via the most appropriate channel (including via in-app notification or email where available).

‍

22. Your Rights

You have the right to access, correct, delete, or restrict the processing of your personal data, to data portability, to withdraw consent at any time, and to object to processing based on legitimate interests (Arts. 15-21 GDPR). To exercise any of these rights, contact privacy@lynq.me — we will respond within one month. You also have the right to lodge a complaint with the competent supervisory authority (Art. 77 GDPR): ldi.nrw.de.

‍

23. Changes to This Privacy Policy

The Provider reserves the right to update this Privacy Policy to reflect changes to the Service, applicable law, or data processing practices. The version of the Privacy Policy published at the time of your use of the Service applies.

Where changes are material, the Provider will notify users in text form (including via in-app notification or email) with reasonable advance notice. You are encouraged to review this Privacy Policy periodically. The date of the most recent update appears at the end of this document.

‍

24. Contact

For all data protection enquiries, requests to exercise your rights, or concerns about the processing of your personal data, please contact:

Email: privacy@lynq.me

Postal: LYNQ GmbH & Co. KG, Josephinenstr. 17, 40212 Dusseldorf, Germany

For matters specifically concerning the Data Protection Officer: dpo@lynq.me

The Provider will endeavour to respond to all enquiries promptly and no later than within the statutory time frames.

Status:03/2026