The protection of your personal data is important to us, Cash App service. Therefore, we would like to offer you comprehensive transparency regarding the processing of your data in our services through this data protection declaration. Because only if the processing is comprehensible to you as a data subject are you sufficiently informed about the scope, purposes and benefits of the processing and we have complied with the requirements of the GDPR and CCPA.
The person/team responsible within the meaning of the Basic Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and other data protection regulations is:
Hereinafter referred to as "responsible party" or "we".
a. Information about our authorizations
We process personal data within the legally permissible limits. This means that data processing operations are based on a legal basis. These are standardised in Art. 6 Para. 1 GDPR. Most data processing operations are based on a legitimate interest on our part (Art. 6 para. 1 lit. f GDPR), on processing operations necessary for the performance of the contract (Art. 6 para. 1 lit. b GDPR) or on the basis of consent granted by you (Art. 6 para. 1 lit. a GDPR). In the latter case you will be informed separately (e.g. via a cookie banner) of the consent procedure.
Personal data will only be passed on in the cases described below.
We process personal data only for clear purposes (Art. 5 para. 1 lit. b GDPR). As soon as the purpose of the processing ceases to apply, your personal data will be deleted or protected by technical and organisational measures (e.g. by pseudonymisation).
The same applies to the expiry of a prescribed storage period, subject to the cases in which further storage is necessary for the conclusion or fulfilment of a contract. In addition, a legal obligation may arise for longer storage or disclosure to third parties (in particular to law enforcement agencies). In other cases, the storage period and the type of data collected as well as the type of data processing depends on which Cash App app functions you use in each individual case. We will be happy to provide you with information on this in individual cases, in accordance with Art. 15 GDPR.
b. Information about the technical process of our app
Our app or the technical backend of our app ("network") is connected to various market research companies, marketplaces and enterprises (collectively "marketplaces"). These marketplaces regularly create surveys for their customers (companies). For these surveys, the marketplaces are looking for participants to participate in the surveys. In order to support the marketplaces in their search for participants, we have built our app with the services Cash App app. We bring the marketplaces that are looking for participants together with the participants, i.e. you. As a user of the app, you deposit personal data in your user account when creating a user account and when using a user account. This personal data is also called "qualifications" in our app. This is because we have to filter each new survey for which participants are being sought to determine whether you are eligible for the survey. Either we can find this out based on the qualifications you have already provided or we will ask you again to complete some additional qualifications that you can store in your user account. If you are eligible for a survey because the qualifications required by the marketplaces and the qualifications you have stored match, you have the opportunity to participate. If you decide to participate, we will pass on the matching qualifications to the marketplace. The survey itself is either conducted in our app itself or on the marketplace website or the website of the market research company or a company. A link in our app will connect you directly to the survey.
The use of Cash App app with all its functions requires the processing of certain personal data.
3.1 Informational use of the services of Cash App app
The purely informational calling of Cash App app requires the processing of the following personal data and information: the operating system used, the address of the terminal device with which you access Cash App app (IP address) as well as the time of calling Cash App app. All this information is automatically transmitted from your app, unless you have configured it in such a way that transmission of the information is suppressed.
These personal data are processed for the purpose of the functionality and optimization of Cash App app, as well as to ensure the security of our information technology systems. These purposes are at the same time legitimate interests according to Art. 6 para. 1 lit. f. GDPR.
to information according to Art. 15 para. 1 GDPR.
3.2 Contact form / Contact by e-mail
We process the data you provide us with when contacting us for the purpose of answering your enquiry, your e-mail or your request for a callback. Processed data categories are master data, contact data, content data, possibly usage data, connection data and possibly contract data. In individual cases, we forward this data to companies affiliated with us, i.e. only within our company/group. The legal basis of the processing depends on the purpose:
3.3 Creation and use of a user account
You can create a user account (hereinafter also referred to as "profile") in our services in order to use the Cash App app services and your features.
Other personal data that you can independently store in your user account or that you will be asked for in the context of the qualification query for a new survey include your age, your location, your gender and, if applicable, other personal characteristics ("qualifications") required by the survey partners for joining a survey.
When you log in to your profile, Cash App app places cookies on your device to allow you to stay logged in - even if you need to reload the app in the meantime. By creating your profile, you can use the functions of Cash App app.
The processing procedures connected with the creation and completion of a profile serve the purpose of being able to assign future usage procedures and to be able to access the entire range of Cash App app Services. Directly connected with this is, for example, the checking whether you are suitable for surveys that we receive from the marketplaces. In order to participate in surveys, you must meet the criteria requested for the specific survey. We will check whether you meet the criteria either by asking you (if we have not yet asked you for the criteria of the survey) or automatically (if we have already asked you for the criteria of the survey) after receiving the survey by comparing the criteria with the information you have provided about yourself. The processing of your data thus serves the implementation of the contract, is therefore purpose-bound and necessary in accordance with Art. 6 para. 1 lit. b GDPR.
The storage of IP address and time of registration is necessary to ensure the security of our information technology systems. This is also in our legitimate interest, which is why the processing is also lawful in accordance with Art. 6 para. 1 lit. f GDPR.
The storage of the personal data entered by you is carried out up to the time of the deletion of your profile at Cash App app, beyond that only as long as the processing is necessary for possible fulfilment of the contract.
It is not intended to pass on your data to third parties. All checks on the requested criteria in a survey are carried out by us on our servers.
3.4 Processing of payment & provision of credits
To process the payout of credits you receive through participation in surveys in or via our app, we offer various payment methods, some of which use payment service providers such as PayPal. Processed data in this context are usage data, connection data, master data, payment data, contact data or even contract data. The legal basis for the use of payment service providers results from Art. 6 para. 1 lit. b GDPR. We have signed an order processing contract with each of the payment service providers so that the security of the processing of your data is guaranteed at all times. The Payment Service Providers are in detail:
It is possible to process the payment process with the online payment service PayPal. PayPal makes it possible to make online payments to third parties. The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg. If you choose PayPal as your payment method, your data required for the payment process will be automatically transmitted to PayPal. This is regularly the following data:
3.5 Tracking & Tools
Information on the cookies used
Cookies are small files that are stored on your device (computer, tablet or smartphone). When a website is accessed, the cookie stored on a device sends information to the party that placed the cookie.
We distinguish between
We offer you the opportunity to choose your preferences regarding functional and marketing cookies when you first visit our app and at any time thereafter.
If your personal data is processed, you are the person concerned within the meaning of the GDPR and you as a user have the following rights vis-à-vis the person responsible:
4.1 Right to information
You can request confirmation from the person responsible as to whether personal data concerning you is being processed by us.
If such processing has taken place, you can request information from the data controller about the following:
- the purposes for which the personal data are processed
4.2 Right of rectification
You have the right to ask the data controller to correct and/or complete the data if the personal data processed concerning you is incorrect or incomplete. The data controller shall make the correction without delay.
4.3 Right to limit processing
Under the following conditions, you may request the restriction of the processing of personal data concerning you:
If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
4.4 Right of cancellation
4.4.1 You may request the controller to delete immediately the personal data concerning you and the controller is obliged to delete such data immediately if one of the following reasons applies:
4.4.2 If the data controller has made the personal data concerning you public and is obliged to delete it pursuant to Art. 17 para. 1 DPA, he shall take reasonable measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you, as a data subject, have requested them to delete all links to this personal data or to make copies or replications of this personal data.
4.4.3 The right of cancellation does not apply where processing is necessary
4.5 Right to information
If you have asserted the right to rectify, erase or limit the processing vis-à-vis the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, erasure or limitation of processing, unless this proves impossible or involves a disproportionate effort.
You have the right vis-à-vis the controller to be informed of these recipients.
4.6 Right to data transferability
You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, common and machine-readable format. You also have the right to have this data communicated to another person in charge without interference from the person in charge to whom the personal data has been communicated, provided that the processing is based on a consent pursuant to Art. 6 para. 1 letter a GDPR or Art. 9 para. 2 letter a GDPR or on a contract pursuant to Art. 6 para. 1 letter b GDPR and the processing is carried out by means of automated procedures.
In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.
The right to data transferability shall not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
4.7 Right of objection
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you which is carried out pursuant to Article 6 paragraph 1 letter e or f FADP; this also applies to profiling based on these provisions.
The controller will no longer process the personal data concerning you unless he can demonstrate compelling reasons for processing which are justified on grounds of protection and which outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling, insofar as it is linked to such direct marketing.
If you object to processing for the purposes of direct marketing, the personal data concerning you will no longer be processed for those purposes.
You have the possibility to exercise your right of objection in relation to the use of information society services, without prejudice to Directive 2002/58/EC, by using automated procedures involving technical specifications.
4.8 Right to revoke the declaration of consent under data protection law
You have the right to revoke your data protection declaration of consent at any time. Revocation of your consent does not affect the legality of the processing that has taken place on the basis of your consent until revocation.
The processing is lawful until your revocation - the revocation therefore only affects the processing after receipt of your revocation. You can informally revoke your consent by mail or e-mail. Your personal data will then no longer be processed, subject to the permission of another legal basis. If this is not the case, your data must be deleted immediately after the revocation in accordance with Art. 17 para. 2 GDPR. Your right to revoke your consent subject to the above-mentioned conditions is guaranteed.
Your revocation must be addressed to:
4.9 Right of appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place where the alleged infringement occurred, if you consider that the processing of personal data concerning you is in breach of the DPA.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.
Automated decisions in individual cases, including profiling, are not carried out.
If your personal data have been disclosed to other recipients (third parties) for legal reasons, we will inform them of any correction, deletion or restriction of the processing of your personal data (Art. 16, Art. 17 para. 1 and Art. 18 GDPR). The obligation to notify is not applicable if it involves a disproportionate effort or is impossible. We will also inform you of the recipients upon request.