Privacy Policy for the “Arab ma Arab” Application

  • 1 Information on the Processing of Your Personal Data
  • 1.1

Thank you for using the “Arab ma Arab” application (hereinafter referred to as “the App”).
This policy explains how your personal data is processed when you use the App.
Personal data refers to any information that can be used to identify you, such as your name, address, email address, user behavior, and other details.

We regularly review this Privacy Policy, and you will be notified in case of any updates.

  • 1.2 Controller (Responsible Entity)

According to Article 4(7) of the General Data Protection Regulation (GDPR):

Arab ma Arab UG (haftungsbeschränkt)
Address: Oranienburger Straße 6, 13437 Berlin – Germany
Email: ceo@arabmaarab.com
Phone: +49 176 64691553

  • 1.3 Encryption and Security

The App uses SSL/TLS encryption to protect your data during transmission.

  • 2 Service Intended for Adults

The service is not directed at children under the age of 16 (or the legal minimum age applicable in your jurisdiction).
If you are under this age, or if you are using the App on behalf of someone under the legal age, please do not use the App.

 

  • 3 Your Legal Rights as a User

In accordance with the General Data Protection Regulation (GDPR), you have the following rights:
• Right of access – Art. 15
• Right to rectification or erasure – Arts. 16 & 17
• Right to restriction of processing – Art. 18
• Right to object to processing – Art. 21
• Right to data portability – Art. 20
• Right to withdraw consent at any time

Right to lodge a complaint:
You also have the right to lodge a complaint with a supervisory data protection authority concerning the processing of your personal data by us.
For example, you may contact:
The Berlin Commissioner for Data Protection and Freedom of Information
Alt-Moabit 59–61, 10555 Berlin, Germany.

  • 4 Collection of Data When Using the Application
  • 4.1 Downloading the Application

When downloading the App, the necessary information is transmitted to the App Store, such as username, email address, customer number, download time, payment information, and device identification number.
The App Store may process this data independently, for which we are not responsible.
We process this data only to the extent necessary to enable you to download the App onto your device.

  • 4.2 Creating an Account and Using the Application

When you create a user account in the App, we store the information you provide (such as your name, email address, other contact details, and the country in which the App is used).
We process this data to provide you with a personal user account and enable you to use the App.

By using your account, you can access the App’s functions (for example, searching for companies and offers, initiating contact, creating likes, reviews, posts, and comments).
The legal basis for this processing is Article 6(1)(b) GDPR.

  • 4.3 Using the Application as a Guest

You may use the App as a guest without providing personal data.
In this case, however, you can only view available offers and will not be able to perform additional actions.

  • 4.4 Uploading Images and Media

If you choose to upload an image (for example, a profile picture, business page image, or post image), the App may temporarily access your device’s camera or gallery.
This access occurs only when you actively initiate an upload, and solely for the purpose of selecting the desired image.
The App does not store or access your media files without your action.
The legal basis for this processing is Article 6(1)(b) GDPR, as the upload function forms an essential part of the App’s features.

  • 4.5 Creating a Business Page

If you create a page for your company or another type of offer, we also store the information you provide (such as business name, business type and description, location, photos, opening hours, contact details, website link, and other company data).
In some cases, this data may include personal information.
We process this data to display your company or offer to users of the App.
The legal basis for this processing is Article 6(1)(b) GDPR.
This data is visible to other users of the App, and users outside the European Union may also be able to access it.

  • 4.5.1 News Feed, Public Content, and Content Moderation

The App provides a News Feed feature that allows users, in particular business users (Business Users), to publish content including images, text, and information related to their activities or services.

When content is published via the News Feed or any other public area of the App, such content is considered public content and may be visible to other users of the App. Other users may interact with such content by liking (Like), sharing (Share), or bookmarking (Bookmark) it.

We process the published content and related data for the following purposes:

  • Operating and displaying the News Feed and its associated functionalities
  • Enabling interactions between users
  • Moderating content and preventing misuse
  • Protecting users and the platform and ensuring compliance with the Terms of Use
  • Improving the App’s services
  • Promoting the App and its services, including the use of user posts on the App’s official channels, such as social media pages or other marketing materials

The data processed in this context may include:

  • Uploaded images and content
  • The username or business name associated with the content
  • Interaction data (likes, shares, bookmarks)
  • Date and time of publication or interaction
  • Limited technical data necessary for security and misuse prevention purposes

The processing of this data is based on:

  • Article 6(1)(b) GDPR (performance of a contract), and
  • Article 6(1)(f) GDPR (legitimate interest)

Content published by users may be shared by other users within the App. After content has been published or shared, we may no longer be able to fully control how such content is further distributed or reused by other users.

We also process published content for moderation purposes and reserve the right to restrict the visibility of or remove content if it violates the Terms of Use or applicable laws.

 

  • 4.6 Technical Data

We also process the following technical data, which is necessary for the operation, security, and stability of the App.
The legal basis for this processing is Article 6(1)(f) GDPR (legitimate interest):

  • IP address
    • Date and time of the request
    • Time zone difference from Greenwich Mean Time (GMT)
    • Content of the request (page visited)
    • HTTP status code
    • Amount of data transferred
    • Referring page (previously visited page)
    • Browser type and version
    • Operating system
  • 5 Hosting and Data Protection

If we use external service providers for certain functions of our App, we always select them carefully, enter into agreements with them in accordance with Article 28 GDPR, monitor them, and inform you in detail about the relevant data processing activities.
We also define specific storage standards.

We currently use Amazon Web Services (AWS) as our service provider.
We have concluded a Data Processing Agreement (DPA) with AWS in accordance with Article 28 GDPR.
Your personal data is processed on servers located within the European Union.
Amazon Web Services, Inc. is certified under the EU–US Data Privacy Framework.
In the case of data transfer to the United States, the transfer is based on the European Commission’s adequacy decision pursuant to Article 45 GDPR.

Apart from this, we do not share your data with third parties.
Your data will not be transferred to countries outside the European Union (EU) or the European Economic Area (EEA).

Unless legal retention periods apply, we will delete your personal data as soon as storage is no longer necessary for the processing purpose.

  • 6 Location Data (Geolocation)

The App requests your permission to access your device’s location in order to provide personalized services.
You can revoke this permission at any time through your device settings.

 

§7 External Tools and Services – Google Maps

The App uses the mapping service Google Maps, provided by Google Ireland Limited.
When you open a page that includes Google Maps, information such as your IP address is transmitted to Google’s servers and may also be transferred to the United States.

If you are logged into your Google account, the data may be linked to your account.
If you do not wish this to happen, please log out of your Google account before using the service.

Google stores usage data in the form of usage profiles, which are analyzed for purposes of advertising, market research, and improving its services.
The legal basis for this processing is Article 6(1)(f) GDPR (legitimate interest).

You may object to the creation of usage profiles directly with Google.
If legal provisions require your consent, the legal basis for this processing is Article 6(1)(a) GDPR, and you may withdraw your consent at any time.

For full information on Google’s privacy policy, please visit:
🔗 https://www.google.com/privacy

§8 Sending Notifications (Push Notifications)

Users can enable or disable push notifications within the App via the device settings or the App’s settings menu.

When notifications are enabled, a unique device notification identifier (Device Token) is used solely for the purpose of sending alerts.
This identifier is not linked to any other personal data, and we do not store any personally identifiable information of the user for notification purposes.

The legal basis for this processing is user consent under Article 6(1)(a) GDPR.

Users may withdraw their consent and disable notifications at any time through their device or App settings.
When notifications are disabled, the device token is deleted, and no further notifications will be sent.

§9 In-App Rating and Comment Function

The App allows users to provide ratings for businesses and services using a star-based rating system, as well as to optionally write text comments.

When a user submits a rating or comment, we process the following data:
• The rating (number of stars)
• The comment text (if entered)
• The date and time of submission
• The username or displayed name chosen by the user in the App (if available)
• A technical identifier such as IP address or device ID — for security and misuse prevention purposes

The processing of this data is carried out pursuant to Article 6(1)(b) GDPR (performance of contract, i.e., providing the rating/comment feature) and Article 6(1)(f) GDPR (legitimate interest in preventing misuse or illegal content).

We reserve the right to review and delete any rating or comment that:
• Contains offensive, defamatory, or inappropriate content;
• Is intended to mislead users or manipulate ratings; or
• Violates laws or infringes on the rights of others.

We do not associate ratings or comments with any personal data beyond what is listed above.
They are used solely to improve service quality and monitor user experience within the App.

 

  • 10 Sharing Information for Advertising and Promotional Purposes

We may share or highlight your business profile or user profile (including your business name or username, profile photo or business image, short description, including posts published through the News Feed and business links) on our official social media accounts, promotional pages, marketing campaigns, or through our promotional partners.

By using the App, you explicitly grant us permission to use and publish this information for such promotional purposes.

If you do not wish your information to be used in this way, please send a request to our support email:
📩 support@arabmaarab.com
and we will handle your request in accordance with this Privacy Policy.

We use such information solely for the purpose of identifying and promoting the platform and participating businesses.
We do not control or take responsibility for the actions or interactions of other users or third parties with this information after it has been published.

  • 11 In-App Payments and Data Processing

To execute in-app payments and subscriptions, we cooperate with the payment service providers listed below.
These providers process personal data only to the extent necessary to complete payment transactions or manage subscriptions, pursuant to Article 6(1)(b) GDPR.
We do not store any sensitive payment data on our own servers.

  • 11.1 Apple In-App Purchases (iOS Devices)

For payments made via Apple’s In-App Purchase system, payment processing and subscription verification are handled directly by Apple.
All payments are subject to Apple’s Privacy Policy and Terms of Service.

When PayPal is used via the Stripe payment gateway, certain limited data may be shared with PayPal to process the transaction.
• Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

  • 11.3 RevenueCat

For in-app purchases, payment processing is handled by RevenueCat Inc., 300 Euclid Avenue, San Francisco, CA 94118, USA.

We transfer the information you provide during the purchase process to RevenueCat solely for the purpose of payment execution, in accordance with Article 6(1)(b) GDPR.

We have a Data Processing Agreement with RevenueCat to ensure that your data is not transferred to unauthorized third parties.

If you choose to pay via Stripe, payments are processed by Stripe Payments Europe Ltd.,
1 Grand Canal Street Lower, Dublin, Ireland.

We transmit the data necessary for payment processing (name, address, account number, bank code, card number, invoice amount, currency, and transaction number) pursuant to Article 6(1)(b) GDPR.

We will store your data until the completion of payment processing and in accordance with the statutory retention periods under §147 of the German Tax Code (AO) and §257 of the German Commercial Code (HGB).

This includes the period required for handling refunds, managing accounts receivable, and preventing fraud.

  • 13 Right to Object

You have the right to object to the processing of your personal data for reasons related to your particular situation.
In cases of direct marketing, you may object to processing at any time without giving reasons.

  • 14 Account Deletion

You may delete your account at any time through the App settings or by contacting us directly.
Your personal data will be deleted unless legal obligations require us to retain it.

  • 15 Contacting Us

If you contact us through the feedback or support function, the data you provide will be stored for the purpose of processing your request.
We delete this data once it is no longer necessary for that purpose.
The legal basis for this processing is Article 6(1)(b) GDPR (performance of contract).

In the event of any conflict or difference in interpretation between the language versions of this Privacy Policy,
the English version shall be deemed the official and legally binding reference.