Last updated: July 2025

Welcome to idle-empire.com and our associated mobile application (together, the “Platform”). Ehrenreich/Pahl GbR (“Ehrenreich/Pahl”, “we”, “us”, or “our”) is committed to safeguarding your personal data and respecting your privacy.

This Privacy Policy explains how we handle your personal data when you visit or use our Platform—regardless of your location. It also outlines your legal rights and the protections available to you under data protection law.

To help you navigate, this policy is organized in clearly defined sections. For definitions of terms used, see the Glossary at the end.

Purpose of this Privacy Policy. This policy describes how Ehrenreich/Pahl GbR collects, processes, stores, and protects your personal data when you interact with our Platform—whether that’s creating an account, receiving newsletters, participating in surveys, or contacting support. It supplements any other privacy notices we may present when collecting specific data.

Children and Privacy. Our Platform is not designed for children under 16 (or the legal age of consent in your country). We do not knowingly collect data from children under this age. If we become aware that we have collected data from a child without proper consent, we will delete it promptly. If you believe this occurred, contact us at [email protected].

Data Controller. Ehrenreich/Pahl GbR is the data controller responsible for your personal data.

Data Protection Officer (DPO). We have appointed a DPO to oversee questions in relation to this policy and requests to exercise your rights.

Contact Information

• Data Privacy Officer: Simon Ehrenreich
• Email: [email protected]

You also have the right to file a complaint with your local data protection authority, though we would appreciate the chance to address your concerns first.

Changes to this Privacy Policy. We may update this policy from time to time. The updated version will be posted here and, where appropriate, we will notify you through the Platform or by email. Please ensure the data we hold about you is accurate and current by updating your account or contacting support when details change.

Third-Party Links. Our Platform may include links to third-party websites, plug-ins, or applications. Clicking on those links may allow third parties to collect data about you. We do not control those sites and are not responsible for their privacy practices. We encourage you to review their policies.

“Personal data” means any information that identifies you as an individual. It does not include anonymous data where identifiers have been removed. We collect and process personal data only as necessary to provide services, maintain a secure and functional website, meet legal obligations, and improve your experience.

• Identity Data — name, username, gender, country of residence, and verification documents (e.g., driver’s license, national ID, passport).
• Contact Data — email address, mailing address, and phone number.
• Profile Data — login credentials, profile picture, preferences, feedback, participation history, and survey responses.
• Research and Survey Data — demographic/psychographic information you provide during research activities (typically stored in pseudonymized form).
• Transaction & Payment Data — IBAN, PayPal address, wallet identifiers, redemption history (e.g., gift cards, rewards).
• Technical Data — IP address, device ID, browser type, operating system, time zone, and other technical identifiers collected via cookies or log files.
• Usage Data — information about how you interact with the site, offers, and support.
• Marketing & Communication Data — your preferences for receiving marketing from us or selected third parties and your communication choices.
• Special Categories Data — race or ethnic origin, religious or philosophical beliefs, political opinions, sexual orientation, health-related information, and biometric data. We process this only when you explicitly provide it (e.g., in your profile or a survey) and with your explicit consent. It may be used for demographic profiling or market segmentation in research and is handled with heightened security. You may withdraw consent at any time via your profile or by contacting [email protected].

We may also use aggregated or anonymized data for analytical purposes; this cannot identify you directly.

a) Direct Interactions

• Create an account or complete your profile
• Participate in surveys or offers
• Contact support or provide feedback
• Subscribe to email updates or promotions
• Redeem rewards or make transactions on the Platform

b) Automated Technologies

• IP address and approximate location
• Device identifiers and browser information
• Interaction logs (e.g., pages visited, links clicked)
• Cookies and similar tracking technologies

You can manage cookies through your browser settings. Disabling certain cookies may affect site functionality.

c) Third-Party Sources

• Analytics providers (e.g., Google Analytics, Microsoft Clarity)
• Ad networks (e.g., Meta/Facebook, Google Ads)
• Verification or identity partners, where applicable

We use this data to enhance your experience, improve services, detect fraud, and ensure compliance with applicable laws and advertiser requirements.

We only use your personal data when we have a valid legal basis, including:

• Performance of a contract
• Compliance with legal obligations
• Legitimate interests that do not override your rights
• Your consent (where required)

Account Setup & Access

• Create and manage your account, authenticate logins, and enable security features — Legal basis: Contractual necessity.

Reward Program Participation

• Track activity for eligibility, deliver payouts, prevent fraud/duplicate participation — Legal bases: Contractual necessity; Legitimate interest; Legal obligation (e.g., AML).

User Communication & Support

• Policy or service updates, transaction confirmations, support responses, review requests — Legal bases: Contractual necessity; Legitimate interest; Legal obligation.

Improving Our Services

• Analyze technical/behavioral data to improve features, performance, and relevance — Legal basis: Legitimate interest.

Marketing & Promotions

• Send offers and updates if you opt in — Legal basis: Consent (withdraw anytime via account settings or the unsubscribe link).

Security, Compliance & Fraud Prevention

• Detect/block suspicious activity, protect users and systems, cooperate with authorities when required — Legal bases: Legitimate interest; Legal obligation.

We do not sell your personal data. We may share it with trusted third parties under strict contracts and only when necessary, lawful, and proportionate.

Categories of Recipients

• Service Providers — hosting/infrastructure, survey routers/offerwalls, analytics and debugging, customer support tools, fraud prevention. Processors act only on our instructions.
• Payment & Reward Processors — to deliver rewards or process verifications (e.g., PayPal, gift card or wallet providers).
• Professional Advisors — legal, accounting, compliance, and risk consultants.
• Regulators & Law Enforcement — where required by law or to investigate misuse.
• Business Restructuring — in a merger, acquisition, or asset transfer; any successor entity will follow this policy or one of equivalent protection, and we will notify you of material changes.

Third-Party Handling. All third parties must protect your data, use it only for agreed purposes, and maintain appropriate security. We do not authorize their own independent use of your data.

We may transfer your personal data to countries outside your residence (e.g., to service providers in the United States or other jurisdictions). When we do, we aim to ensure appropriate protection in line with applicable laws, including use of the European Commission’s Standard Contractual Clauses (SCCs).

For more information, see the European Commission’s SCC page: Standard Contractual Clauses – European Commission.

You may request details about specific safeguards by contacting [email protected].

We implement appropriate technical and organizational measures to protect your data.

• Encryption — sensitive data (e.g., passwords, payment identifiers) is encrypted in transit and at rest where applicable.
• Access Control — access is limited to authorized personnel on a need-to-know basis.
• Secure Infrastructure — reputable hosting with physical and logical safeguards.
• Regular Audits — periodic reviews and updates to reflect best practices.
• Data Minimization — collect only what’s needed and retain only as long as necessary.

Incident Response. If a data breach occurs, we will notify affected users and relevant authorities without undue delay where required by law.

If you suspect your account or data has been compromised, contact: [email protected].

We retain personal data only as long as necessary for the purposes collected, including legal, regulatory, tax, accounting, or reporting requirements. Retention varies by data type, legal basis, and ongoing obligations or legitimate interests.

• Account data — retained for the duration of your relationship and up to 3 years thereafter to address potential disputes or regulatory inquiries.
• Payment/transaction data — retained for at least 10 years to meet accounting and legal requirements under German law.
• Survey/usage data — retained up to 24 months for analytics, research, and performance monitoring.

When no longer required, data is securely deleted or anonymized. You may request deletion at any time, though legal or contractual obligations may delay deletion. Anonymized data may be retained indefinitely.

Under GDPR and other laws, you may have the following rights:

• Access your personal data
• Rectify inaccurate or incomplete data
• Erase data (“right to be forgotten”)
• Object to processing (including direct marketing)
• Restrict processing in certain cases
• Data portability
• Withdraw consent where processing is based on consent

How to Exercise Your Rights. Contact [email protected]. Provide sufficient information for us to identify you; we may request identity verification. We aim to respond within one month; complex or multiple requests may require more time.

No Fees Typically Required. You will not be charged for exercising your rights unless a request is clearly unfounded, repetitive, or excessive.

This section applies to U.S. residents. Depending on your state (e.g., California, Virginia, Colorado, Connecticut, Utah), you may have rights to know, access, delete, correct, and opt-out of certain processing, including targeted advertising or “sale”/“sharing” as defined by state law.

Exercising Your Rights. Email [email protected] with the subject line “U.S. Privacy Request.” We will verify your identity and respond within the timeframe required by law. Some opt-outs may also be managed in your account settings.

California (CCPA/CPRA). California residents may request: categories and specific pieces of personal information collected, sources, purposes, categories of recipients, and disclosures in the past 12 months. We do not use or disclose sensitive personal information beyond permitted purposes, and we do not offer financial incentives for personal data. Contact [email protected] for verified requests.

“Do Not Sell or Share My Personal Information.” We do not knowingly sell personal data. Some disclosures for advertising/analytics may be deemed a “sale”/“sharing” under certain state laws. U.S. residents may email the subject line “Do Not Sell or Share My Personal Information” to [email protected]. We will process requests as required by applicable law.

Personal Data (Personal Information). Information relating to an identified or identifiable individual (e.g., name, email, device identifiers, IP address).

Special Categories of Data. Sensitive data including racial or ethnic origin, religious or philosophical beliefs, political opinions, sexual orientation or sex life, health data, and biometric data used for identification. Collected/processed only with explicit consent and under strict safeguards.

Processing. Any operation performed on personal data (collection, storage, use, disclosure, deletion, etc.).

Controller. Entity that determines purposes and means of processing. Here, Ehrenreich/Pahl GbR is the controller for data collected through Idle-Empire.

Processor. Third party that processes personal data on behalf of the controller (e.g., cloud storage, survey vendors, payment processors).

Legitimate Interest. A lawful basis where processing is necessary for our or a third party’s interests, balanced against your rights and freedoms (e.g., fraud prevention, service improvement).

Performance of a Contract. Processing necessary to fulfill a contract with you or take steps at your request before entering a contract (e.g., account creation, sending rewards).

Consent. Freely given, specific, informed, and unambiguous indication of your wishes by which you agree to processing. You can withdraw consent at any time.

Data Protection Officer (DPO). Person responsible for overseeing compliance with data protection laws and protecting data subject rights.

Supervisory Authority. Independent public authority that monitors compliance with data protection law (e.g., national DPA in the EU).