Privacy Policy

(Version: May 6, 2026)

 

This information applies when you visit our website at www.freecash.de ("Website") or use the Freecash application (the Website and application are hereinafter collectively referred to as "Services"). 

At a Glance

• Scope: This Privacy Policy applies to the processing of data by Freecash as the Data Controller.
• Contact Details of the Data Controller: Almedia GmbH, Koppenstr. 8, 10243 Berlin, Germany, [email protected]
• Source of the processed data: Data provided automatically or actively, publicly available information (e.g., from registers and public sources), data provided by third parties (e.g., social networks, etc.).
• Purposes of processing: Access to services, authentication, security and improvement of services, contract management, legal requirements, business administration, product development, communication, and marketing.
• Recipients: Service providers, government agencies, consultants, auditors, and other contractual partners who are bound by confidentiality obligations.
• Legal basis: Consent; contractual purposes; compliance with legal obligations; protection of our legitimate interests following a balancing of interests.
• Retention period: The data will be stored for as long as necessary for the purposes listed above, or longer if required by law or otherwise necessary and permissible.
• Your Control
  
  • Withdrawal of your consent: You may withdraw your consent at any time and without providing a reason. Upon withdrawal, processing based on consent will cease for the future.
  • Objection to processing based on legitimate interests: You may object to data processing based on legitimate interests by providing reasons. Processing will cease unless compelling legitimate grounds override your interests, rights, and freedoms, e.g., if the processing serves to establish, exercise, or defend legal claims. Any processing of personal data for direct marketing purposes will cease immediately upon notification by the data subject (objection requiring no specific justification). 
• Rights of the data subject: access, rectification, erasure, restriction, right to object, data portability, and the right to lodge a complaint with a supervisory authority. To exercise these rights, you may contact the data controller at any time and free of charge, without the need for any specific form or justification. 

In Detail

The following information is intended to help you understand from which sources Freecash obtains personal data about you, who is responsible for the processing, and for what purposes Freecash, as the data controller, processes personal data; on what legal basis and for how long we are permitted to share personal data; and what rights you have as a data subject regarding the processing of your personal data.

1.) Contact information for the data controller:

You can reach us at

Almedia GmbH
Koppenstr. 8
10243 Berlin
Germany

If you have any questions regarding the protection of your personal data, you can also contact us directly at the following email address: [email protected].

2.) Source of personal data processed by Freecash

Freecash is a platform that offers various tasks to users. When users complete the tasks, the previously announced rewards are distributed. We process personal data of users or data subjects in connection with our services.

The data processed by Freecash comes from the following sources:

• Automatically collected data: Technical data collected when you interact with Freecash services, particularly our website (e.g., IP addresses, browser information, cookies, device information).
• Data actively provided by users: Registration data (e.g., name, email, phone number), newsletter (email address), data provided via the contact form or through other communications.
• Information from publicly available sources: Freecash may process personal data from publicly available sources such as registries, government agencies, or commercial registers, etc., to the extent necessary to fulfill legal and contractual obligations.
• Third-party services or platforms: Data from social networks or services linked to Freecash accounts.

3.) Purposes and legal basis for the processing of personal data

We process personal data for limited purposes and only when we are contractually or legally authorized or obligated to do so, or when you have expressly consented to the processing of your personal data. 

3.1 Security and Operation

We process your personal data to technically provide you with our services and to ensure the security of the services offered to you at all times.

For technical reasons, every time you visit or interact with our services, your browser or device sends technical information to us, which is stored in server logs. This includes connection and access data such as the date and time of your visit and the duration of your use of our services, your device’s IP address, the referrer URL (the website from which you may have been redirected), the subpages visited, and, where applicable, other information about your device, e.g., device type, browser type and version, settings, installed plug-ins, operating system, logins, settings, tasks performed, and other information related to your use of our services.

We use this data to enable interaction with our service and to secure, operate, and improve our system operations, including software updates, to prevent abuse, and to detect, prevent, and correct errors.

We also process your personal data to determine, when you access our services, whether the request is from you or from a bot or other automated request. For this bot protection, we rely on external service providers, about whom we provide information in the Cookie Policy.

The legal basis for the processing of this data is Article 6(1)(f) GDPR; the protection and functionality of the services constitute legitimate interests in this context.  

3.2 Provision of our Services

We process your personal data when you wish to use our services.

This includes, first and foremost, registration data, contact information, and login credentials so that you can create an account and access it regularly. We also process your data to inform you about updates to the terms and conditions.

To ensure that rewards can be distributed, we ask you for your payment information. This may include your bank account details or your PayPal account information. If you link digital wallets to your account, we also process the necessary wallet identifiers.

• We may process identity verification data where necessary, including government-issued identification documents, selfies or liveness checks, and related verification data (such as verification status and risk indicators). This data is used to verify your identity, enable secure payouts, prevent fraud, and comply with legal or partner requirements.
• We process transaction and rewards-related data in connection with your participation in offers, surveys, and other activities on the platform. This includes information about completed offers, earned rewards, cashback or similar benefits, and related payout or redemption activity.

To prevent fraud and misuse of our services, we must verify your identity in certain situations. To this end, we request identity data to the extent strictly necessary. For identity verification and fraud prevention, we also use external service providers acting on our behalf. You can find more information about these service providers in the “Recipients” section.

We process this data when it is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract with you. The legal bases for processing are Article 6(1)(b) GDPR and Article 6(1)(f) GDPR. The provision of the services constitutes our legitimate interest.

3.3 Improving our Services

We continuously improve our services. This includes data analysis to improve our website. To this end, we use cookies or similar technologies, among other things. You can find more information on this in our Cookie Policy.

To the extent that you have consented to the analysis of your personal data, we base the analysis on your consent pursuant to Article 6(1)(a) GDPR. Otherwise, we base the processing on our legitimate interest in continuously improving our services (Article 6(1)(f) GDPR). 

3.4 Direct Marketing

From time to time, we may contact you by email or phone for commercial purposes, such as to inform you about available upgrades, new products, promotions, or special offers.

If you are not an existing customer, we will only use your contact information for direct marketing purposes if you have previously given us your explicit consent to receive such information. As an existing customer, we process your relevant contact information and usage history based on our legitimate interest in providing you with commercial information related to the products you use, unless you have objected to such communications.

The legal basis for processing is either Article 6(1)(a) GDPR or, where applicable, Article 6(1)(f) GDPR.

You may opt out of receiving marketing communications from us at any time at no additional cost and without providing a reason, e.g., by clicking the link at the bottom of an email or by notifying us. 

3.5 Communication and Support

If you are a business contact, or a prospective customer, we process the personal data provided to us to communicate with you, to take steps at your request prior to entering into a contract with you, and so that we can follow up on previous business discussions we have had with you, provide you with additional information about our services, or assist you with purchasing or accessing our services.

When registered users or other users contact us requesting technical or other support, we process the data necessary to respond to the request and provide assistance.

At your request, we process personal data necessary to enable you to participate in a webinar or other event we host, download a white paper, or attend an event.

The legal bases for processing are Article 6(1)(b) GDPR and Article 6(1)(f) GDPR.

3.6 Compliance with Legal Obligations

We also process personal data for other purposes, e.g., when we are legally obligated to do so, for tax purposes, or based on our legitimate interests, e.g., when this is necessary to assert or defend legal claims.

In these cases, the legal basis is either a legal obligation under Article 6(1)(c) or a legitimate interest under Article 6(1)(f) GDPR.

3.7 Audits and M&A Transactions

During the review or negotiation of mergers, financings, acquisitions, bankruptcies, or similar transactions, we may analyze personal data and, after balancing the interests of the involved and affected parties, disclose it to external auditors, consultants, or attorneys, as well as other third parties, in connection with or during the negotiation of such a transaction.

The legal basis in these cases is Article 6(1)(f) GDPR and our legitimate interest in demonstrating compliance and ensuring necessary business functionality.

4.) Recipients

We do not sell personal data to third parties; however, we may disclose personal data to others if you have given your explicit consent (Art. 6(1)(a) GDPR), this is necessary for the performance of a contract with you (Art. 6(1)(b) GDPR), or where there is a legal obligation to disclose such data under Art. 6(1)(c) GDPR. Recipients include, in particular:

• Service Providers: We only engage carefully selected and contractually bound service providers to perform our services, with whom we may share personal data in connection with your use of our services.
• Authorities: We only disclose personal data to authorities if requested to do so by our customers or if we are legally obligated to do so.
• Advisors, auditors, and other third parties: Furthermore, we only disclose personal data to the extent necessary to our legal or financial advisors, auditors, or other third parties who are subject to statutory or contractual confidentiality obligations. 

Upon request, we can provide you with additional information regarding your personal data. 

We transfer personal data in particular to the following service providers:

• Adjust GmbH; evaluations and usage analyses of our app, Adjust GmbH, Saarbrücker Str. 37A, 10405 Berlin; Legal basis for processing: Art. 6 (1) lit. f) GDPR.  
• Amplitude Inc.; analysis and evaluation of usage behavior; 201 3rd Street, Suite 200, San Francisco, CA 94103, USA; Legal basis for processing: Art. 6 (1) lit. f) GDPR.
• AppsFlyer Inc.; evaluations and usage analyses of our app; 100 1st St., Floor 25, San Francisco, CA 94105, USA; Legal basis for processing: Art. 6 (1) (f) GDPR.
• Checkout SAS; processing of payment transactions and gift cards, fraud prevention in payment processing; 44-48 rue de Châteaudun, 75009 Paris; Legal basis for processing: Art. 6(1)(f) GDPR and Art. 6(1)(b) GDPR.
• DigitalOcean LLC; hosting provider; 105 Edgeview Drive, Suite 425, Broomfield, CO 80021, USA; Legal basis for processing: Art. 6 (1) (f) GDPR.
• Hex Technologies, Inc.; Analysis and evaluation of user behavior; 2261 Market St #4233, San Francisco, CA 94114, USA; Legal basis for processing: Art. 6 (1) lit. f) GDPR.
• Singular Labs Inc.; analytics platform for marketing analysis and statistics; 181 South Park Street, Unit 2, San Francisco, CA 94107, USA; Legal basis for processing: Art. 6 (1) (f) GDPR.
• Transact Elektronische Zahlungssysteme GmbH; processing of payment transactions; Fraunhoferstr. 10, 82152 Martinsried; Legal basis for processing: Art. 6 (1) lit. f) GDPR and Art. 6 (1) lit. b) GDPR.
• Veriff OÜ; Fraud prevention and identity verification, Niine tn 11, Tallinn, 10414, Harju maakond, Estonia; Legal basis for processing: Art. 6 (1) lit. f) GDPR and Art. 6 (1) lit. b) GDPR.
• Verisoul, Inc.; Fraud prevention and identity verification; 1401 Lavaca Street, Suite 989, Austin, TX 78701, USA; Legal basis for processing: Art. 6 (1) (f) GDPR and Art. 6 (1) (b) GDPR.

Information about providers in connection with cookie services can be found in our Cookie Policy. 

5.) Data Transfers to Third Countries

Third countries are countries outside the European Economic Area (EEA). We transfer your personal data to third countries only if   

• the recipient provides adequate safeguards for the protection of personal data in accordance with Article 46 GDPR (including all necessary additional measures),   
• you have expressly consented to the transfer after we have informed   you of the risks   in accordance with Article 49(1)(a) of the GDPR,   
• the transfer is necessary for the performance of the contractual obligations between you and us, or
• another exception under Article 49 GDPR applies.   

Appropriate safeguards under Article 46 GDPR may include so-called standard contractual clauses, through which a recipient in a restricted third country undertakes to protect the data sufficiently and thereby ensure a level of protection comparable to that of the GDPR.

Upon request, we can provide you with additional information regarding your personal data.

If a so-called adequacy decision pursuant to Article 45(3) GDPR has been issued by the European Commission for the third country, no further measures are necessary for the transfer of data to that third country. The adequacy decision confirms that a level of data protection comparable to that in the EU prevails in that country. When data is transferred to the U.S., the data transfer is additionally based on the EU-U.S. Data Privacy Framework. You can view a list of certified companies here. 

6.) Retention and Deletion

In general, we process personal data only until the specified purposes have been fulfilled. Afterward, we anonymize or delete personal data, unless we are legally required to retain and document the data for a longer period for tax or commercial law reasons, or you have consented to further storage, or we have a legitimate interest in further processing in individual cases that outweighs your interest in deletion, for example because the processing is necessary to assert or defend legal claims.  

We store the personal data processed during registration and login for the duration of the contractual relationship with us and beyond, to the extent that the data is necessary to demonstrate compliance with contractual or legal obligations or to assert and defend legal claims.

7.) Your control options 

You may withdraw any consent you have given us at any time without providing a reason. As a result, we will cease processing the data that was based on your consent going forward.

You also have the right to object:

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is carried out pursuant to Article 6(1)(e) (data processing in the public interest) and Article 6(1)(f) GDPR (data processing based on a balancing of interests); this also applies to profiling based on this provision.

If you object, we will no longer process your personal data unless we or our users can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

If your objection is directed against the processing of data for the purpose of direct marketing, we will cease processing immediately. In this case, is not required to provide a specific legal basis. This also applies to profiling, insofar as it is related to such direct marketing.

8.) Your rights as a data subject vis-à-vis the data controllers

In addition, you have the right

• to request access to your personal data processed by us in accordance with Article 15 of the GDPR. In particular, you may request information regarding the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the intended retention period, the existence of a right to rectification, erasure, restriction of processing, or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making, including profiling, as well as, where applicable, meaningful information regarding its details;
• to request, pursuant to Article 16 GDPR, the immediate rectification of inaccurate or incomplete personal data stored by us;
• to request, pursuant to Article 17 GDPR, the erasure of your personal data stored by us, unless processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims;
• pursuant to Article 18 GDPR, to request the restriction of the processing of your personal data, provided that you contest the accuracy of the data, the processing is unlawful but you object to erasure, and we no longer need the data but you require it for the establishment, exercise, or defend legal claims, or you have objected to the processing pursuant to Article 21 GDPR;
• pursuant to Article 20 GDPR, to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, or to request its transmission to another controller; and
• to lodge a complaint with a supervisory authority pursuant to Article 77 GDPR. As a rule, you may contact the supervisory authority of your usual place of residence or workplace, or of our company headquarters, for this purpose. 

If you have any questions regarding data protection, please do not hesitate to contact us.