Last updated: December 8, 2023

Privacy policy

At Crush, we are committed to ensuring that your personal data is protected and is not used for purposes other than those indicated in this Privacy Policy. For this reason, in this section we inform users and interested parties of everything related to the processing of their personal data, thus complying with the data protection regulations applicable in our country: General Data Protection Regulation (EU) 2016/679, of April 27 regarding the protection of natural persons with regard to the processing of personal data and the free circulation of these data (hereinafter, 'GDPR') and Organic Law 3/2018, of December 5, Protection of Personal Data and guarantee of digital rights (hereinafter, 'LOPDGDD').

This Privacy Policy is applicable to the data processing that CRUSH SOCIAL NETWORK, LTD., carried out both through the website: www.crushsocialnetwork.com (hereinafter, the 'Website'), and through the mobile application for Smartphones with the name 'Crush' (hereinafter, the 'App') and/or those that are indicated. We recommend that you read it carefully before using the Website or the App and providing your data through them. Do not hesitate to ask us any questions in this regard via email: privacy@crushsocialnetwork.com.

Index of contents

In this Policy you will find all the information related to the processing of your personal data and the rights you can exercise to maintain control over them. In this sense, you will find information about:

  1. Who is responsible for the processing of your data.

  2. What requirements you must meet to provide us with your personal data.

  3. What data processing we carry out through the website and what are its main characteristics, explaining:

    • What data we collect and what are the ways of collecting it.

    • For what purposes we collect the data we request.

    • What is the legitimacy for its treatment.

    • How long do we keep them?

  4. To which recipients your data is communicated.

  5. Existence of international transfers of your data.

  6. What are your rights and how can you exercise them?

  7. How we protect your personal information.

  8. Changes to this policy.

1. Who is responsible for the processing of your personal data?

Your personal data will be processed by the company CRUSH SOCIAL NETWORK, LTD. ('CRUSH'), with NIF B-72599830 and whose contact details are as follows:

1.1. Our Data Protection Officer

From CRUSH, we make available to you the contact details of our Data Protection Officer, to whom you can address any questions you may have in relation to this Privacy Policy or the processing of your personal data.

2. What requirements must you fulfill to provide us with your personal data?

2.1. Minimum age. To provide us with your personal data and use our Website and our App, you must be over 15 years of age.

2.2. Veracity. When you provide us with your data to use our services, you guarantee that the data and information provided is real, truthful, updated and also belongs to you and not to third parties.

In addition, you must notify us of any change that occurs in the data provided, responding in any case to the veracity and accuracy of the your supplied data at all times.

2.3. Control of Age and Veracity. From CRUSH we reserve the right to verify your age and identifying information, if necessary, even requiring an official document or equivalent procedure and, in case of detection of fraud that is verified or suspected that you are under the indicated age, to delete, temporarily deactivate and/or cancel your account.

3. What data processing do we carry out through the Website and the App and what are its main characteristics?

Below, we explain how we treat your personal information and provide you, in detail, with all the relevant information regarding your privacy:

3.1. When you contact us through our channels (contact form, chat, email)

What are the ways of collecting the data?
What data do we collect?

Identification and contact information. We collect your identification data (name and surname) and email address, as well as any other information that you voluntarily include in the communications that you send us.

We may request additional information from you if necessary to comply with your request or requirement.

What are the purposes of processing your personal data?

Answer your requests. The main purpose of processing this data will be to answer your requests, answer your questions and/or provide you with the required information, as well as, where appropriate, follow up on your requests.

Improve customer service. All the information derived from doubts, queries, and advice offered to interested parties, as well as the way in which requests are resolved, allows us to know how we provide our own customer service, allowing us to improve its quality.

Likewise, all the information collected, after the conservation period indicated below, is anonymized and used for the purpose of being able to analyze the most frequently asked questions through the chat and to be able to automate the most frequent ones, prepare FAQs or keep it for statistical purposes to develop business strategies.

What is the legal basis that allows us to process your data? Is the provision of this data mandatory?

Consent. The data provided for the above purposes will be processed based on your consent, granted when you voluntarily contact us through the means made available to you to request information or make a request.

All the information collected by the customer service department will be processed for statistical purposes that will help us to improve the quality of the customer service provided. This purpose is considered to be compatible with the initial one.

The information that you must provide will be indicated with an asterisk or similar. Without this information it would not be possible to attend to your queries or requests.

How long do we keep your information?

We will process all your personal information during the time your requests are being processed and, if necessary, to follow up on them. Once this period has ended, CRUSH will keep, blocked, said information during the periods provided in the legislation to attend to eventual responsibilities and to demonstrate compliance with our obligations. From this moment on, CRUSH will only treat the information in an anonymous way, so it will not be possible to link the statistical information with the specific users to whom it refers.

Who do we give your personal information to?

We do not make any additional transfer to carry out this treatment than those indicated, in general, in point 4. To whom do we give your personal information? In this sense, some channels through which you can contact us are managed by service providers, who act as Treatment Managers. You will find more information about how these service providers act in point 4, mentioned above.

3.2. When you register and use our App 'Crush'

What are the ways of collecting the data?

Registration form in our App and use of its different spaces.

What data do we collect?

  1. Basic data for registration:

    In order to register in our App and use the services, you will need to register in our App and create a 'profile'. During the registration process we require you, as a user, the following data:

    • Username.

    • Full name.

    • Email.

    • Date of birth.

  2. Additional data:

    In addition to the above, our App allows you to voluntarily share information related to:

    • Gender.

    • Sexual orientation.

    • Interests.

    • Country, city or region.

    • Description about you.

    • Profession and studies.

    • Musical tastes.

    • Best friend.

    • If you authorize it, your precise geolocation, which, if you have allowed it, is carried out in the background.

    • Usage data: information may be collected about your interactions with other users (chats with other users, users with whom you connect and interact, time, frequency of interaction or other characteristics of your interactions).

    Some of the data that you can provide voluntarily is considered sensitive, since it is related to your sexual orientation. You should take into account that, if you decide to include such information, CRUSH will process it together with the rest of the information to fulfill the purposes indicated below. Likewise, this information may be shared with the rest of the users (it may be made public), so that unauthorized use of the App by other users could cause the leaking of this data. CRUSH is not responsible for the inappropriate use of data by other users.

    We also inform you that CRUSH uses the above data for the purpose of creating profiles in order to recommend content which might be of your interest and with the personal characteristics that you include about yourself, as explained below.

    In addition, if you authorize it, we will have access to:

    • Camera (images): granting camera permission allows the user to upload any image directly to the App.

    • Photo gallery (images): granting access to the photo gallery allows the user to upload any image from their photo gallery.

    • Microphone (audio): granting access to the microphone allows the user to use the device's voice recorder directly from the App.

  3. Content posted by you:

    By using our App, you have the possibility of interacting with other users through our community, being able to upload publications with audiovisual content (photos, audios, etc., if you have granted the respective permissions) and add comments with your opinions, ask questions and resolve concerns of other users.

    We also offer an exciting 'Stalker' mode, where your friends can capture GIF images of you with your consent. However, the responsibility for capturing and requesting to publish these GIFs on your profile lies with the user who initiates the request. The GIF won't be published on your profile until you accept the request. Furthermore, all collaborators can permanently remove their contributions by either rejecting the request or deleting the publication.

    CRUSH uses Amazon Web Services face recognition technology to process CRUSH's users' biometric data as its service provider ('Processor'). Amazon may process and store face templates for the purposes of providing face verification and/or identification services on CRUSH's behalf, and only as instructed by CRUSH. Amazon will store this data as long as CRUSH requests, which shall be no longer than a limited grace period after the date when (i) CRUSH ceases to have a relationship with Amazon or (ii) when CRUSH requests deletion.

    In the event that you publish posts in the App (which is merely optional, we do not force you to do so) Amazon's facial recognition technology will be used, which allows to detect faces and find users similar to you (twins) within our system. This is the only use we make of this recognition technology.

    Our processor, Amazon, is committed to its own compliance with the GDPR, as well as to providing a variety of products, features, documentation, and resources to help its customers meet their compliance obligations under the GDPR.

  4. App usage data:

    We also automatically collect App usage data, specifically technical data and information related to your use of the App, including the type of mobile device, the unique ID of your mobile device, the IP address of your mobile device, the mobile operating system, if any, the type of Internet browsers you use and information about the way you use the App, such as the frequency and time of use, ads you have clicked on, etc.

  5. Data about you provided by third parties:

    Other users of the App may provide us with information about you when they use our services; for example, when they interact with you or if they send us a report involving you.

What are the purposes of processing your personal data?

  1. Sign up and manage your account so that we can verify your email address and age to sign up for the App, interact with you and give you access to our services.

  2. Manage and execute the contractual relationship that unites us: we carry out different steps necessary to execute the contract signed with you, so that, for example, we can provide you with the service, contact you to help you resolve doubts, to verify the information you have provided us. Likewise, we may send you communications of an administrative nature, about updates, changes in our conditions of service, security alerts, as well as respond to any request or requirement that you send us.

  3. Publish your content. When you share content or information through the App, it will appear published for the public that you have selected that can see what you share. To add certain content, such as photos and videos, you will need to give us access to your camera or photo gallery.

    Any user of our App can view your username and public profile on the App, which includes content that you have shared with the general public. Also, keep in mind that your content published in the App may be shared by other users inside or outside the App, take a screenshot of it or download it.

  4. Post content about you. Other users of the application can create and share content with your image or data with an audience of your choice. If you do not feel comfortable with the content that others have shared about you, please report it by using the App forms or contact us by email.

  5. Offer you content (news, articles, experiences, among others) created directly by CRUSH or in collaboration with external people who may be of interest to you.

  6. Sending push notifications and alerts within the App. If you have authorized it, you will receive our push notifications in your web browser or on your mobile device. Push notifications may include reminders, promotional communications, alerts, and updates regarding the App and services.

    If you activate these notifications, you will receive personalized notices, based on a profile that we develop about you and the use you make of the App. For the personalization of notices, the information obtained through the data entered by you in the App and the data collected regarding the use of the App (visited content) to create a profile in relation to your interests and offer you mainly that content and information that suits you.

    You can opt out of push notifications at any time by adjusting the settings on your mobile device, although opting out will not affect other communications you may receive from CRUSH, such as email communications.

  7. Prevention, detection and prosecution of illegal activities or activities contrary to the conditions of service or that endanger the security of information or the App: CRUSH may process the data to control and prevent any form of abuse of our services, such as fraudulent activities, denial-of-service attacks, sending spam, unauthorized access to our users' accounts, as well as any other practice that is contrary to the General Conditions and Use of the App or endangers the security of the information or the integrity of the App itself, being able to delete the content or the account that is contrary to the law, our General Conditions or the Community Guidelines.

    Within this purpose, the processing of complaints that you present against other users or those that are presented against you is also included, with the option of contacting CRUSH to analyze the specific case and guaranteeing that there will be human intervention to correct or rectify the issue that arises to us.

    We may also use tools to detect inappropriate content (for example, adult or violent content) in the visual content you post.

  8. To offer you a better service, your data will also be processed for the purpose of:

    • Help you connect with other users, allowing you to interact with them through chat screens and other mechanisms.

    • Recommend you to other users who are similar to you.

    To make recommendations, we use the information you provide us, including information about your location if you give your permission, as well as information we obtain from your use of this space (for example, characteristics of the people with whom you actually interact) to develop an automated profile about you and preferably show you those users who match your profile and what you are looking for.

    In this sense, you will preferably be shown active users in the App, who are close to you, who match the indicated preferences and your profile created from your interactions, also ensuring that your characteristics and profile match the preferences of the recommended users.

  9. Statistical purposes and others carried out with anonymous data. We may anonymize all personal information collected from users who use the App for statistical and other purposes, such as algorithm training, to measure the effectiveness of advertising campaigns available on the App, the navigability and usability of the App to to be able to improve the design, presentation and functionalities available or others.

  10. To show you advertising: Our App may include advertising that, if you give your consent, will be personalized according to your tastes and preferences.

What is the legal basis that allows us to process your data? Is the provision of this data mandatory?

  1. Execute and maintain the contractual relationship between the Parties. The reason why we process your information for the purposes mentioned above is to fulfill the contract we have with you.

  2. Consent. Some functionalities are based on your express consent: (i) publication of your own content, (ii) access to the camera or photo gallery to publish certain content in the App, (iii) access to the geolocation of the device for user recommendation by proximity (iv) the reception of personalized push notifications (v) display of personalized advertising content. Also, if you decide to provide us with additional voluntary information to complete your profile, such information will be used based on your consent.

    Remember that you can revoke your consent at any time through the settings of your device, deleting your content or through the options available in the App.

  3. Legitimate interest. The data will be processed based on our legitimate interest in relation to the prevention of illegal activities and others related to the security of the App, to guarantee the security of the network and of the information to prevent events that may compromise the availability, authenticity, integrity and confidentiality of personal data or the platform itself, as well as compliance with community standards.

    We may also show you non-personalized advertising through the App based on our legitimate interest.

    If you wish to obtain more information about the weighting that we have carried out on the legitimate interests of CRUSH in relation to the above purposes, you can request it by writing to us at privacy@crushsocialnetwork.com.

  4. Processing of specially protected data. The data related to your interests or aspects related to sexual orientation will be processed based on your explicit consent.

How long do we keep your information?

We will keep all your personal information for as long as our contractual relationship is in force, that is, until you delete your account. Once the contractual relationship has ended or your account has been cancelled, CRUSH will keep, blocked, all the information during the periods provided by law to investigate illegal or harmful conduct, attend to eventual responsibilities and to demonstrate compliance with our obligations.

In relation to the content published by you through our App, you should take into account that any publication or comment that you have published in our community will remain in the App until you delete it or until you delete your account. However, any other content where you appear and that has been published by other users (for example, photos or videos) may remain visible until said user deletes it or closes their account.

However, we reserve the right to use your information in aggregate form after closing your account for statistical purposes and to improve our services. The use of such information will not allow you to be personally identified.

Who do we give your personal information to?

There are no specific transfers of your personal data to fulfill the purpose indicated in this section. However, we can use the services of service providers, who will have limited access to the data and will be bound by a duty of confidentiality (for more information on how our service providers act, see point 4. To whom do we give your personal information? > Service Providers).

However, keep in mind that when you post content on our App, you may be sharing personal information with other users (including your public profile).

Also, if someone files a report that implicates you, we may notify the complainant of the actions we have taken as a result of their report, if any.

3.3. Browsing the Website (cookies)

On our Website, as well as in our App, we use cookies or other tracking and tracing tools to collect information about the use that users make of the Website and the App.

For more information about the treatment we carry out through said tracking tools, visit our Cookies Policy.

3.4. CRUSH profiles on social networks

CRUSH has a profile on the main social networks, such as Twitter, Instagram, LinkedIn or TikTok.

When you become a follower of one of our pages on social networks, the data processing will be governed by the conditions of use, privacy policies and access regulations that belong to the corresponding social network and previously accepted by the user.

CRUSH, in this sense, will process your data for the purpose of correctly managing its presence on the social network, informing you of activities, products or services, as well as for any other purpose that the regulations of social networks allow.

Keep in mind that we have no influence on the information that the social network collects or how it processes it, so we recommend that you keep yourself informed of the purpose and scope of the information collection that is carried out through said social networks.

4. To whom do we give your personal information?

In general, from CRUSH we will not communicate your data to third parties. However, in addition to the transfers that we specifically indicate in the section in which we explain the characteristics of the different operations (point 3), we inform you of the communications that, in general, we can make, as well as their legitimizing basis, which affect all previous treatments.

  • Essential service providers to execute the service we offer you, (for example, computer hosting companies or platforms for sending commercial communications). Notwithstanding the foregoing, these entities have signed the corresponding confidentiality agreements and will only process your data according to our instructions, not being able to use them for their own purposes or apart from the service they provide us.

  • Public organisms. We may disclose to the competent public authorities the data and any other information that is in our possession or that is accessible through our systems when there is a legal obligation to do so, as well as when required, for example, when the purpose is to prevent or prosecute abuse of services or fraudulent activities through our Website or Application. In these cases, the personal data that you provide us will be kept and made available to the administrative or judicial authorities.

  • In the case of a corporate transaction: In the event of a merger, acquisition, sale of all or part of its assets, or any other type of corporate transaction involving a third party, we may share, disclose, or transfer user data to the successor entity (including during the pre-operative phase).

  • To third parties after aggregation or anonymization: we may disclose or use aggregated or anonymized data (meaning data that is not linkable to an identified or identifiable natural person) for any purpose.

  • To third parties with the user's consent or other legitimate basis: In the event that we want to share data with third parties outside the scope of this Privacy Policy, your consent will be requested, in any case, or you will be informed about it and its legitimate basis.

Likewise, we inform you that this Privacy Policy only refers to the collection, treatment and use of information (relating to personal data) by us through the interaction you carry out with our Website or Application. Access to third-party web pages that you can access through links from the Website or the App have their own privacy policies over which we have no control. Therefore, before providing them with any personal information, we recommend that you find out about their Privacy Policies.

5. Is your personal data transferred to third countries outside the European Economic Area?

Some of our service providers are located in countries outside the European Economic Area ('EEA').

The location of these companies outside the EEA implies the existence of an international transfer of your personal data, which could imply a lower degree of protection than that included in European regulations. However, from CRUSH we have applied measures so that said transfers do not give rise to a lower degree of protection of your personal data.

In this sense, the service providers that are outside the EEA have signed the corresponding standard contractual clauses approved by the European Commission ('CCT'), an agreement signed between both entities by which the non-EU company guarantees that it applies the European standards of data protection.

Therefore, the use of these providers does not give rise to a lower degree of protection of your personal data than the use of providers located in the European Union. You can consult the content of the CCT in the following link:

https://ec.europa.eu/info/law/law-topic/data-protection/publications/standard-contractual-clauses-controllers-and-processors_en

Next, we indicate which are the international transfers that we make from CRUSH:

Name Affected activities Country Transfer mechanism
Google, LLC. All USA Standard Contractual Clauses (SCCs)
Amazon.com, Inc. Face detection and search for similar-looking faces USA Standard Contractual Clauses (SCCs)
650 Industries, Inc. (Expo) Push notifications USA Standard Contractual Clauses (SCCs)
Mailgun Technologies, Inc. Sending emails USA Standard Contractual Clauses (SCCs)

6. What are the rights that you can exercise as an interested?

You can exercise the rights that the law guarantees you in relation to the processing of your personal data by contacting our Data Protection Delegate via email admin@crushsocialnetwork.com.

Any request for rights that we receive will be resolved as soon as possible and, in any case, within the maximum period established by law, from the date of receipt. In some cases, it will be necessary to request a copy of your identity document or other identification document to verify your identity.

The rights that correspond to you as an interested party are the following:

  1. Right to withdraw the consent granted

    You can revoke your consent in relation to all processing based on it at any time. However, the withdrawal of consent will not affect the legality of the treatment based on the consent prior to its withdrawal.

  2. Right of access

    You have the right to know what data is being processed, if applicable and, if so, to obtain a copy of it, as well as to obtain information regarding:

    • the origin and recipients of the data;

    • the purposes for which they are processed;

    • whether there is an automated decision-making process, including profiling;

    • the data retention period; and

    • the rights provided by the regulations.

  3. Right to rectification

    You have the right to obtain the rectification of your personal data or to complete it when it is incomplete.

  4. Right to erasure

    You have the right to request the deletion of your personal data if they are no longer necessary for the purpose for which they were collected or, where appropriate, if we are no longer authorized to process them.

  5. Right to data portability

    You have the right to request the portability of your data in the case of treatments that are based on your consent or on the execution of a contract, as long as the processing has been carried out by automated means. In the event of exercising this right, you will receive your personal data in a structured format, commonly used and readable by any electronic device. However, you can also request, when possible, that your data be transmitted directly to another company.

  6. Right to restrict processing

    You have the right to limit the processing of your data in the following cases:

    • When you have requested the rectification of your personal data, during the period in which we verify their accuracy.

    • When you consider that we are not authorized to process your data. In that case, you can ask us to limit its use instead of requesting its deletion.

    • When you consider that it is no longer necessary for us to continue processing your data and you want us to keep them for the purposes of exercising or defending claims.

    • In cases where there is processing based on our legitimate interest and you have exercised your right to oppose it, you can ask us to limit the use of your data during the verification of the prevalence of said interests with respect to yours.

  7. Right to object

    You have the right to object at any time to the processing of your personal data based on our legitimate interest, including profiling.

  8. Right to lodge a complaint with a Supervisory Authority

    Remember that, at any time, and in the event that you consider that we have violated your right to the protection of your data, you can address your defense to the corresponding Control Authority, in the case of Spain, the Spanish Agency for Data Protection (www.aepd.es).

7. How do we guarantee the confidentiality of your information?

The security of your personal data is a priority for us. For this reason, CRUSH has implemented all the necessary security measures to guarantee effective use and treatment of the personal data provided by the user, safeguarding the intimacy, privacy, confidentiality and integrity of these, and makes use of the technical means necessary to avoid alteration, loss, unauthorized access or treatment of your data, according to the state of technology at all times.

Consequently, we comply with recommended security standards to protect them. However, it is impossible to fully guarantee your security due to the very nature of the Internet and because there may be malicious actions by third parties beyond our control.

We promise to act quickly and diligently in case the security of the data is in danger or compromised, and to inform you about it in case it is relevant.

8. Modifications to this policy

From CRUSH we can modify the content of this Privacy Policy at any time, especially when there are legislative, jurisprudential or interpretation modifications of the Spanish Agency for Data Protection that affect the data processing carried out by CRUSH through the Website or the App. Any new version of this Privacy Policy will be effective on the published effective date.

If the revised version includes a substantial change that affects the processing of your data, we will notify you at least 30 days in advance by posting a notice on our Website or our App or by notifying you via email. In any case, we recommend that you periodically review this Privacy Policy to be informed of how your personal data is treated and protected, as well as your rights.