DATA SECURITY POLICY FOR AGE VERIFICATION

DIMOCO Europe GmbH, a company incorporated under 199901 y of the company register of the Regional Court of Wiener Neustadt, Austria, having its registered offices at Campus 21, Europaring F15/302, A-2345 Brunn am Gebirge, Austria (“DIMOCO”) takes data protection very seriously and as such, We will process the information (including personal data) that You provide with utmost care and confidentiality in accordance with this Data Security Policy (the “Policy”) as well as applicable laws.

Please note that DIMOCO is licensed payment institute that processes payment transactions conducted via carrier billing, a payment method by which the relevant funds payable are either (a) charged to the mobile phone invoice, or (b) deducted from the mobile phone pre-paid credit of the relevant payer.

General Information

In order to access the service that you are ordering from the relevant Service Provider (the “Service”), an age verification is mandatory according to applicable laws, in particular the German Youth Media Protection Treaty (JMStV).

Further to the processing of the payment for the Service you ordered, the Service Provider has also instructed DIMOCO to conduct the mandatory age verification on its behalf. In this regard, a differentiation of whether You are a First-time user or Subsequent user is relevant:

 As a First-time user You, are ordering services for which an age verification is required for the first time and a verification of Your age has not yet been conducted by CheckTech in the name of DIMOCO (“First-time user”).

 As a Subsequent user, You have already ordered one or more services for which an age verification is required, the verification of Your age has already been conducted by CheckTech in the name of DIMOCO, and the use of the relevant service(s) occurred no longer than 3 (three) years ago (“Subsequent user”).

Therefore, depending on whether you are a First-time user or a Subsequent user, one of two processes is adopted by DIMOCO in order to conduct Your age verification:

 If You are a First-time user, DIMOCO uses a video chat tool provided and operated by CheckTech.

 If You are a Subsequent user, DIMOCO uses the “WebID DIMOCO MOBILE AVS” tool provided and operated by DIMOCO. The WebID DIMOCO MOBILE AVS verifies Your age through verification of Your date of birth and Your mobile number.

In the processing of the data that You provide during the age verification process,

 You are the so-called data subject,

 the Service Provider is the so-called data controller,

 DIMOCO is the so-called data processor,

and

 CheckTech is a so-called sub-processor of DIMOCO (if applicable).

Please note that both DIMOCO and CheckTech are certified by the German Commission for Youth Protection (KJM) to store and process so-called personal data for the purpose of verifying the age of end users of services for which an age verification is mandatory.

For the purposes of this Policy:

 any reference to “You” or “Your” shall mean you as the end user of the Services.

 any reference to “We”, “Us” or “Our” shall mean DIMOCO.

 any reference to “Service Provider” shall mean the professional vendor that provides the relevant Service to end users.

 any reference to “CheckTech” shall mean CheckTech Service GmbH, Deelbögenkamp 4c, 22297 Hamburg, Germany, a company that provides and operates a tool for age verification via video chat for DIMOCO.

What Data Will Be Processed?

Upon completing the age verification process, DIMOCO (and CheckTech if applicable) will store and process the relevant personal data provided by You through the relevant age verification tool used, namely Your name, Your date of birth, Your mobile phone number and a screenshot of the ID You provided and of Your face.

What Are The Purposes of Data Processing?

DIMOCO (and CheckTech if applicable), will process the data made available by You solely for the purpose of age verification for the consumption of the Service for which a specific age must be met according to applicable laws (the “Purpose”).

How The Data Will Be Processed?

The personal data provided by You will be kept confidential and shall be processed with due care, appropriately and in a way adequate and relevant to the Purpose expressly stated in this Policy. The data will be processed in compliance with applicable laws, in particular the General Data Protection Regulation (GDPR) of the EU. The confidentiality and security of Your data is secured by appropriate technological and organizational means.

Who Has Access To Your Data?

No personal data You provide Us (and CheckTech if applicable), will be made available or transmitted to any third party without Your express permission, except if a disclosure is legally mandatory. Access to the data provided by You will only be granted to authorized personnel of DIMOCO (and those of CheckTech if applicable).

Your Permission and Rights

The processing of Your personal data for the Purpose is based on Your voluntary permission given expressly during the age verification process in connection with Article 6 (1) (b) and (c) GDPR. We are not permitted to and shall not process any of Your personal data without Your consent or the applicable laws. Please note that in accordance with the applicable laws, the Service Provider is required to verify Your age and therefore cannot allow unidentified persons to use the Service.
Should You therefore choose to not give Your consent, You will not be able to access the Service.

As the data processor of the data controller (and additionally considering that We are a licensed payment institute), DIMOCO is under a legal obligation to act with due care. For this reason, and unless otherwise mandated or required, We store Your personal data for a period of 3 (three) years after you have used services for which DIMOCO conducted an age verification of You the last time. All of Your personal data will be erased automatically thereafter. In case CheckTech conducts the age verification (when You are a First-time user), please note that once CheckTech conducts the age verification for DIMOCO, CheckTech deletes all of Your personal data immediately after they have delivered to DIMOCO the personal data You provided in a documented way.

You should know that You have the following rights with respect to the personal data that You provide:

 You have the right to limit or withdraw the consent You gave to process Your data and/or request the deletion thereof. In any case, the Service Provider (as data controller) will follow your request accordingly, unless they are under a legal obligation to act otherwise.

 You have the right to request the Service Provider (as data controller) to inform You about the personal data they have stored about You.

 You have the right to request the Service Provider (as data controller) to amend any incorrect data that they have stored about You.

 You have the right to data portability, which means that upon request, the Service Provider (as data controller) will transfer Your data to a third party that You nominate.

 You have the right to lodge a complaint with a supervisory authority (in particular in a state where you live or work) in the event that You are of the opinion that a breach of data security has occurred.

You can exercise the aforementioned rights at any time. If You have any questions about the data security, please do not hesitate to contact the Service Provider (as a data controller). More information on the Service Provider, in particular their contact details, can be obtained from the website of the relevant Service that you ordered.

Stay in touch!