Information about the processing of your data

In accordance with Article 12 of the General Data Protection Regulation (hereinafter: GDPR), we are obliged to inform you about the processing of your data when using our app. We take the protection of your personal data very seriously and this data protection declaration informs you about the details of the processing of your data and your legal rights in this regard. We reserve the right to adapt the data protection declaration with effect for the future, especially in the case of further development of the app, the use of new technologies or changes in the legal basis or the corresponding case law. We encourage you to review the Privacy Policy from time to time and keep a printout or copy for your records.

Responsible Vendor

Responsible for the processing of personal data within the scope of this data protection declaration is:
Timeshares Inc.
641 5th ave unit 23
New York, NY 10022
‍myron.schulz@timesharesapp.com

Questions about data protection

If you have any questions about data protection with regard to our company or our app, you can contact us:
Timeshares Inc.
641 5th ave unit 23
New York, NY 10022
‍myron.schulz@timesharesapp.com

Security

We have taken comprehensive technical and organizational precautions to protect your personal data from unauthorized access, misuse, loss and other external disturbances. To this end, we regularly review our security measures and adapt them to the state of the art.

Your rights

You have the following rights with regard to your personal data, which you can assert against us:

• Right to information: You can request information in accordance with Art. 15 GDPR about your personal data that we process.

• Right to correction: If the information concerning you is not (or no longer) correct, you can request a correction in accordance with Art. 16 GDPR. If your data is incomplete, you can request a completion.

• Right to erasure: In accordance with Art. 17 GDPR, you can request the erasure of your personal data.

• Right to restriction of processing: In accordance with Art. 18 GDPR, you have the right to request a restriction of your personal data.

• Right to object to processing: You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is based on Article 6 (1) sentence 1 lit. e) or lit. f) GDPR takes place, according to Art. 21 Para. 1 GDPR to file an objection. In this case, we will not process your data further unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, and if the processing serves to assert and exercise or defend against legal claims ( Art. 21 Para. 1 GDPR). In addition, according to Art. 21 Para. 2 GDPR, you have the right to object at any time to the processing of personal data relating to you for the purpose of direct advertising; this also applies to any profiling insofar as it is associated with such direct advertising. We draw your attention to the right of objection in this data protection declaration in connection with the respective processing.

• Right to revoke your consent: If you have given your consent to processing, you have a right of revocation in accordance with Article 7 (3) GDPR.

• Right to data portability: You have the right to receive the personal data that you have provided to us in a structured, common and machine-readable format (“data portability”) and the right to have this data transmitted to another person responsible if the The prerequisite of Art. 20 Para. 1 lit. a, b GDPR are met (Art. 20 GDPR).

You can assert your rights by notifying the contact details given in the “Responsible provider” section. If you believe that the processing of your personal data violates data protection law, you also have the right under Art. 77 GDPR to complain to a data protection supervisory authority of your choice. You can find more information about your rights in relation to your personal data, for example, from the European Commission at https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens_de .

Legal bases for processing

We process your personal data if and to the extent that this is necessary for the initiation, justification, implementation and/or termination of a legal transaction with our company. The legal basis for this is Article 6 Paragraph 1 Sentence 1 Letter b) GDPR. After the purpose has been achieved (e.g. contract processing), the personal data will be blocked for further processing or deleted, unless we have given your consent (e.g. consent to the processing of the e-mail address for sending electronic advertising mail), a contractual Agreement, a legal authorization (e.g. authorization to send direct mail) or due to legitimate interests (e.g. storage to enforce claims) are entitled to further storage and processing required in the respective context. Your personal data will be passed on if it is necessary for the establishment, implementation or termination of legal transactions with our company (e.g. when passing on data to a payment service provider/a shipping company to process a contract with you), (Art. 6 Paragraph 1 sentence 1 lit. b) GDPR), or

• a subcontractor or vicarious agent, whom we use exclusively within the scope of providing the offers or services you require, requires this data (unless you have been expressly informed otherwise, such auxiliary persons are only entitled to process the data to the extent that this is necessary for the provision of the offer or service is necessary),

• an enforceable official order (Art. 6 Para. 1 S. 1 lit. c) GDPR) exists,

• there is an enforceable court order (Art. 6 Para. 1 S. 1 lit. c) GDPR),

• we are obliged to do so by law (Art. 6 Para. 1 S. 1 lit. c) GDPR),

• the processing is necessary to protect the vital interests of the data subject or another natural person (Article 6 (1) sentence 1 lit. d) GDPR),

• it is necessary for the performance of a task that is in the public interest or in the exercise of official authority (Art. 6 Para. 1 S. 1 lit. e),

• we are authorized or even obliged to pursue overriding legitimate interests in disclosure (Article 6 (1) sentence 1 lit. f) GDPR).

Your personal data will not be passed on to other people, companies or bodies unless you have given your effective consent to such a transfer. The legal basis for the processing is Article 6 Paragraph 1 Clause 1 Letter a) GDPR.

Download the mobile app

When downloading the mobile app, the required information and your data will be sent to the app store (Apple App Store: Apple Inc., 1 Infinite Loop , Cupertino, CA 95014, USA), in particular username, email address and customer number of your accounts, time of download, payment information and the individual device code. We have no influence on this data processing by Apple and are not responsible for it. We only process data to the extent necessary to download the mobile app to your mobile device. Apple may process your data in the USA. We have agreed standard contractual clauses with Apple to oblige both providers to maintain an appropriate level of data protection. We will provide you with a copy on request. Further information on data protection, in particular on the storage period, can be found at Apple https://www.apple.com/legal/privacy/en-ww/.

Use of the native app, access data

As part of your use of the app, we automatically process certain data that is required for the use of the app, in particular to ensure access to the Internet. Which includes:

• Operating system used and its interface

• Language and version of the operating system

• Host name of the accessing end device

• IP address

• Content of the request (specific page)

• Date and time of the server request

• Amount of data transferred

• Time zone difference to Greenwich Mean Time (GMT)

• Name of the mobile device

The access data is not used to identify individual users and is not merged with other data sources. The access data will be deleted when they are no longer required to achieve the purpose for which they were processed. In the case of the collection of data for the provision of the app and internet access, this is the case when you end your visit to the app.
The access data is automatically transmitted to us in order to make the app and the associated functions available to you and to prevent and eliminate misuse and malfunctions. Processing of your IP address, for example, is required for the duration of the app usage session. IP addresses are stored in log files to ensure the functionality of the mobile app and to prevent misuse. The legal basis for processing is Art. 6 (1) sentence 1 lit. f) GDPR. The access data will be stored for as long as is necessary to achieve the purpose of the processing. In the case of the collection of data for the provision of the app and for internet access, this is the case when you exit the app.IP addresses are stored in log files to ensure the functionality of the mobile app. In addition, we use the data to optimize the mobile app and to ensure the security of our information technology systems.
‍You can object to the processing. You have the right to object for reasons that arise from your particular situation. You can send us your objection using the contact details given in the “Responsible provider” section.Contacting our company
‍If you contact our company, e.g. by e-mail, the personal data you provide will be processed by us to answer your request. The legal basis for processing is Art. 6 (1) sentence 1 lit. f) GDPR. The data is processed exclusively for processing in the context of the conversation. We delete the data arising in this context after the processing is no longer necessary, or restrict the processing to compliance with the existing statutory retention requirements.

Create Account

When registering in our app, you can log in with your Apple account. If you wish to acquire a share of a digital asset, further personal data will be requested, eg your name and address. Furthermore, the following data is processed at the time of registration: IP address, date/time of registration. The data will be deleted as soon as they are no longer required to achieve the purpose of their processing. After successful registration, you will be assigned an account ID to enable transactions to be assigned to you.

The legal basis for processing is Article 6 Paragraph 1 Sentence 1 Letter b) GDPR. The provision of your data is contractually required and obligatory for registering for the app. If you do not register, it is not possible to conclude/implement a contract for using the app. The data will be stored until they are no longer required to achieve the purpose of their processing or until the statutory retention requirements have expired. This is the case for the data collected during the registration process if the registration in the app is canceled or completely changed. If you remove the app from your end device, we will delete your data collected for using the app.

Apple Sign In

You have the option of registering in our app using the Apple login function. With the help of “Apple Sign In” you can log in to us with your Apple ID. We would like to save you the creation of an additional account and the time required for the registration process. When you log in with your Apple ID, depending on your selection, either your email address stored with Apple or an email address generated once by Apple will be sent to us. Only Apple can assign the e-mail address once created to the user and their e-mail address. Apple, on the other hand, only receives the information that you are a user of our app. There is no further processing of your usage data by Apple. Apple may process your data in the USA. We have agreed standard contractual clauses with Apple to oblige Apple to maintain an adequate level of data protection. We will provide you with a copy on request. The legal basis for this data processing is Art. 6 (1) sentence 1 lit. f) GDPR. With the login function, we are pursuing the legitimate interest of saving you from registering on our platform and optimizing our offer or designing it individually for you. Further information on data protection, in particular on the storage period, can be found at https://www.apple.com/legal/privacy/en-ww/.

You can object to the processing. You have the right to object for reasons that arise from your particular situation. You can send us your objection using the contact details given in the “Responsible provider” section.

Reservation, purchase and sale of shares

Various functions relating to digital assets are available to you in our app. If you reserve a share in a digital asset (share), your expression of interest will be assigned to your user account. When you purchase a share, further personal data such as your full name and address will be requested and stored in your user account and wallet along with an overview of your transactions. Only your wallet ID is then stored with the digital asset on the blockchain. Only a randomly assigned identification number is assigned and processed on the blockchain. Your digital assets are mapped to this ID on the blockchain. Provider is Polygon Blockchain. There is no adequacy decision for the transmission of your data. We process your data exclusively for contract processing.

If you decide to sell your share or buy new shares, the information will be added to your wallet in your user account. Only your wallet ID is then stored with the digital asset on the blockchain. The processing takes place on the basis of Art. 6 (1) sentence 1 lit. b) GDPR. The provision of your data is necessary and obligatory for the conclusion and implementation of the contract. If the data is not provided, it is not possible to acquire shares in digital assets.

Verification and Identification Procedures

In addition to reserving, buying and selling shares, you can also trade digital assets (shares) in our app. In order to be able to use this function fully, it is necessary due to legal obligations under the Money Laundering Act that the user account is verified. For this we use the identification services of PassBase. After calling up the identification process in our app, you will be forwarded to PassBase interface.If you have not yet carried out an identity check for another service provider, your personal data such as first and last name, address, place and date of birth will be transmitted PassBase. The transmission of this master data serves to verify the user by means of an audio-visual video identification and to verify a permissible identification document. This includes checking security features of an acceptable identification document to prevent misuse, fraud and counterfeiting by presenting the identification document during audiovisual video identification or scanning the identification document of the identification document. The processing of your personal data as part of the video identification procedure is carried out for the purpose of ensuring the statutory due diligence and identification obligations under the Money Laundering Act and the prevention of money laundering and terrorist financing. In the course of the verification process, due to the legal due diligence and identification obligations under the Money Laundering Act, information on tax liability as well as knowledge and experience with financial products is requested in addition to the master data. After successfully identifying and verifying the account by PassBase in our app, the user can trade shares as a seller or buyer.Your personal data is processed for the purpose of preventing money laundering and terrorist financing. The legal basis for processing as part of the implementation of the verification procedure is Article 6 Paragraph 1 Clause 1 Letter c) GDPR in conjunction with Article 11a Paragraph 1 of the Money Laundering Act (GwG). According to Sections 10 ff. GwG, we are legally obliged to identify users of the trading function with the necessary care. The storage period of the data for carrying out the verification procedure is five years in accordance with the legal storage obligation under the Money Laundering Act, unless other legal provisions on recording and storage obligations provide for a longer period.

Selling Shares

To offer shares (selling), the user selects the number and unit price of the shares in our app that he would like to offer for sale. After binding confirmation, the offer will be published on the “Open Market” in the app. The master data provided will be processed exclusively for the purpose of executing the contract. The legal basis for processing in connection with the sale of shares is Art. 6 (1) sentence 1 lit. b) GDPR. The provision of your data is necessary and obligatory for the conclusion and implementation of the contract. If the data is not provided, trading or selling shares in digital assets is not possible. The data will be stored for as long as they are required to achieve the purposes of processing or until the statutory retention requirements have expired (e.g. mandatory commercial and tax retention requirements in relation to invoice data). This is the case for the data collected during the registration process if the registration in the app is canceled or completely changed.

Buying shares

To purchase shares (buying), the user selects the relevant asset and checks it on Open Market or the user reserves shares on Initial Offering and waits for 100% to be purchased. With purchases on Open Marketing the matching happens automatically once the ASK (selling offer) is matched with the BID (you offer to buy). Until the match happens the user may modify or cancel their BIDs and ASKs at any time. With reserved shares on Initial Offering, there is no way to make changes or cancel until the Initial Offering is done. The duration of the Initial Offering is 30 days. In case of successful Initial Offering, when all 100% of offered shares are reserved - upon its completion, the shares are transferred to new owners. In case of unsuccessful Initial Offering, when not all 100% of offered shares are reserved - the digital asset is removed from the App’s Initial Offering.The legal basis for processing in connection with the purchase of shares is Art. 6 (1) sentence 1 lit. b) GDPR. The provision of your data is necessary and obligatory for the conclusion of the contract or the implementation. If the data is not provided, trading or the purchase of shares in digital assets is not possible. The data will be stored for as long as they are required to achieve the purposes of processing or until the statutory retention requirements have expired (e.g. mandatory commercial and tax retention requirements in relation to invoice data). This is the case for the data collected during the registration process if the registration in the app is canceled or completely changed.

Hosting

Supabase

We use external hosting services from Supabase to provide you with the following services: infrastructure and platform services, computing capacity, storage resources and database services, Security and technical maintenance services. All data required for the operation and use of our app is processed. We use external hosting services to operate this app offering. We have agreed standard contractual clauses with Supabase in order to oblige Supabase to maintain an appropriate level of data protection. We will provide you with a copy on request. The legal basis for processing is Art. 6 (1) sentence 1 lit. f) GDPR. Our legitimate interests in the use of external hosting services are an efficient and secure provision of our app offering.
‍You can object to the processing. You have the right to object for reasons that arise from your particular situation. You can send us your objection using the contact details given in the “Responsible provider” section.

Cloudflare

We also use Cloudflare as a cloud service provider. Your IP address will be transmitted and processed. We have agreed standard contractual clauses with Cloudflare to oblige Cloudflare to maintain an appropriate level of data protection. We will provide you with a copy on request. A permanent storage of your data does not take place here. The legal basis for processing is Art. 6 (1) sentence 1 lit. f) GDPR. We use Cloudfront to make our app offering more attractive and to optimize app loading times.You can object to the processing. You have the right to object for reasons that arise from your particular situation. You can send us your objection using the contact details given in the “Responsible provider” section.The following third parties are used additional to deliver the best features and performance in the TimeShares app:

• Retool;

• GitHub;

• Render.com.

We have agreed standard contractual clauses with these tools to oblige them to maintain an appropriate level of data protection. We will provide you with copies on requests. A permanent storage of your data does not take place here. The legal basis for processing is Art. 6 (1) sentence 1 lit. f) GDPR. We use Cloudfront to make our app offering more attractive and to optimize app loading times.
‍You can object to the processing. You have the right to object for reasons that arise from your particular situation. You can send us your objection using the contact details given in the “Responsible provider” section.