LAST REVISION: 25.07.2023
The Company does not knowingly collect personal data from children. If you are under the age of eighteen (18) or of the age of majority in your jurisdiction (Age of Majority), please do not give us any personal data. If you have reason to believe that anyone under the Age of Majority has provided personal data to the Company, please contact us, and we will endeavor to delete that information from our databases.
The subject of data protection is personal data. According to Art. 4 (1) GDPR (General Data Protection Regulation), all information relating to an identified or identifiable natural person is considered as Personal Data and according to 1798.140. (v) (1) CCPA (California Consumer Privacy Act) all information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household is considered as Personal Information.
As for this document, both Personal Data and Personal Information will be referred to as Personal Data.
The data controller of your personal data is , .
Data Protection Officer
We process personal data in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).
We use technical and organizational security measures to protect the data we process from manipulation, loss, destruction and access by unauthorized persons. Our security measures are continuously improved in line with technological developments. We would also like to point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.
Processing of your personal data — purposes and legal bases
In order to provide our services to you, including but not limited to account registration, payment, customer support and other features of our website, we collect and process several categories of personal data. We process personal data as well as personal data voluntarily provided by you for our legitimate interest of providing and improving our services and for legal obligations:
- Personal data provided by you, such as email address, username, password, biometric characteristics, display name, gender, age, location, sexual orientation, sexual preferences, and other information that you provide in your profile.
- Personal data from the usage of the website, such as your activity history, time spent in chargeable Chats modes, payment information, token balance and spending, profile pictures, etc.
- Log data, such as IP address, date and time, location, pages visited, used functions of the website, internet browser, operating system, device and browser language, identifiers associated with cookies.
- Personal data collected by third parties — Google Analytics, Cloudflare, reCAPTCHA.
Visitor data is processed for the implementation and support of the contractual relationship or the pre-contractual relationship, as well as contact requests and communication, mainly on the basis of Art. 6 (1) (a) — (c) GDPR and in the case of Sensitive Data that allows to draw any conclusions about your sex life or sexual orientation, only with explicit consent in accordance with Art. 9 (2) (a) GDPR.
In order to correctly display the website and to provide visitors with functions that are not unique for registered users, we collect and process some information through cookies (see “Cookies”). This includes without limitation IP address, browser type and version, location, time and date, preferred language, and similar data.
Minors are prohibited from using this website.
Visitors of the 123upskirt.com website can use the services of the website in general without prior registration.
There are functions and content on our website that are only accessible after registration. For this you can create a user account (alternatively: “account”) to get access to the referred parts of the website.
The following information is mandatory:
- A username defined by you.
- A password defined by you.
Registered users get free access to uncensored and more explicit contents of the 123upskirt.com website. As part of the provision, we process your account information.
You can without any obligations fill in your profile with more information about you. Information you provide in your account can be defined as “Sensitive data” and will require you to provide your explicit consent in accordance with Art. 9 (2) (a) GDPR. Some of the information will remain confidential and will only be processed for the implementation and support of contractual relationship:
- Email address.
- Phone Number.
- Contact Information (Full name, address, zip/postal).
Following information can be provided by in order to fill in your public profile, thus making this information publicly available:
- Display Name.
- Physical characteristics.
- Sexual characteristics.
- Sexual preferences.
- Information about you.
- Profile picture.
As the abovementioned information will be visible to the public, we highly recommend to refrain from disclosing real information about yourself. However, should you fill in your profile information, you will be able to edit and/or delete it from your account at any time through your Account Information and Profile Information settings.
For registered users, we use personal data from your account information to send you contractually relevant information about our services, promotions, and news. In addition, you will receive notifications of your activities on 123upskirt.com, such as notifications of incoming messages, pending requests and promotional information.
Paid service: chargeable Chats modes
As a registered user, you have the possibility to access paid content via chargeable Chats modes (Spy Chat, Private Chat, Group Chat, Full-private chat).
Data that must be processed by us to provide this service includes:
- Your account information.
- Status of your “Token” balance.
The processing of your data takes place within the framework of contractual relationship or the pre-contractual relationship, as well as contact requests and for communication, mainly on the basis of Art. 6 (1) (a) — (c) GDPR and for Sensitive Data that allows to draw any conclusions about your sex life, sexual orientation, ethnicity, etc., only with explicit consent according to Art. 9 (2) (a) GDPR.
Consent for processing the aforementioned data can be revoked at any time. Please note that services based on such data may then no longer be available.
Further information on the chargeable Chats modes can be found in the Terms and Conditions of Use (https://en.123upskirt.com/terms).
We automatically collect log data and information regarding your device (computer, phone, etc.) and usage of the website. This can include:
- IP address.
- Date and time.
- Pages visited.
- Used functions of the website.
- Internet browser.
- Operating system.
- Device and browser language.
- Identifiers associated with cookies.
The temporary storage of the IP address by the system is necessary to enable delivery of the website to your device. For this purpose, the user’s IP address must remain stored for the duration of the session.
The storage of this data also serves statistical purposes in individual cases. Any other use or disclosure to third parties will not take place. We reserve the right to check the listed data subsequently if there is a suspicion of illegal use of our website.
The log files are stored to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our systems. These purposes are also our legitimate interest in data processing according to Art. 6 (1) (f) GDPR and for Sensitive Data that allows to draw any conclusions about your sex life or sexual orientation, only with explicit consent according to Art. 9 (2) (a) GDPR.
As part of our legal obligations, we collect and store your given consent to cooperate with Art. 7 (1) GDPR. This includes any permissions, consents or preferences given by you to the website and can be used as proof that any relevant consent was given.
The personal data stored by us will be deleted in accordance with legal requirements. We delete the data as soon as it is no longer required for the processing purpose, a given consent is revoked or other permissions cease to apply. Data that must still be stored, e.g. for reasons of commercial or tax law, or whose storage is still required for the assertion, exercise or defense of legal claims, will be deleted as soon as it is no longer required for aforementioned cases.
Disclosure of data and payment
In general, no data is passed on to the third parties.
We have commissioned service providers to process payments. During payment processes, the data protection information and conditions of the relevant service provider are applied, which you can view during the payment process.
As part of the payment processing provided by the payment processor and the associated identity and credit check, you usually have to provide personal payment information. The data you enter in the entry field will be transmitted to the payment processor and us and will be stored by us.
The legal basis for the data processing is Art. 6 (1) (a) — (b) GDPR.
In some cases, we use processors who process personal data on our behalf and provide it to us as a service. We have entered into contracts with our processors. This means that the processors may only process your personal data in a way that we have explicitly instructed them to do. The processors will only share your personal data with us and no other entities or organizations. They will also ensure that necessary technical and organizational measures are taken to process your data securely and will only store your personal data for as long as we have instructed them to do so.
For fraud prevention reasons we can request certain evidence in order to prevent unauthorized use of payment methods. As an example of such evidence can be a photo of identification document and/or payment method. The legal basis for this processing is Art. 6 (1) (a) — (d). We would like to point out that we are not processing biometric data as we are not using any type of technology to process the abovementioned evidence.
In certain circumstances, we are required by law to transfer and share personal data with third parties. For example, in the context of legal proceedings.
Data subject rights
Data subjects have the following rights with regards to their personal information:
- The right to be informed about the collection and the use of their personal data (Art. 15 GDPR).
- The right to have inaccurate personal data rectified, or completed if it is incomplete (Art. 16 GDPR).
- The right to erasure (to be forgotten), unless exceptions apply as to why we are still storing the data, for example, retention obligations or periods of limitation (Art. 17 GDPR).
- The right to restrict processing of personal data (Art. 18 GDPR).
- The right to object to processing in the public or legitimate interest (Art. 21 GDPR).
- The right to revoke consent to data processing at any time (Art. 7 (3) GDPR).
- The right to data portability, which allows the data subject to obtain and reuse their personal data for their own purposes across different services (Art. 20 GDPR).
- The right to lodge a complaint with a data protection supervisory authority if you are dissatisfied with us processing your data (Art. 77 GDPR).
Information for Residents of California
- Consumers’ Right to Delete Personal Information (1798.105. CCPA).
- Consumers’ Right to Correct Inaccurate Personal Information (1798.106. CCPA).
- Consumers’ Right to Know What Personal Information is Being Collected (right to access Personal Information) (1798.110. CCPA).
- Consumers’ Right to Know What Personal Information is Sold or Shared and to Whom (1798.115. CCPA).
- Consumers’ Right to Opt Out of Sale or Sharing of Personal Information (1798.120. CCPA).
- Consumers’ Right to Limit Use and Disclosure of Sensitive Personal Information (1798.121. CCPA).
- Consumers’ Right of No Retaliation Following Opt Out or Exercise of Other Rights (1798.125. CCPA).
We would like to point out that we do not “sell” your Personal Data. The term “sell” is defined in 1798.140. (ad) (1) CCPA.
Alternatively, you can contact us by using our Customer Support Chat.
In general, the use of this website is also possible without providing personal data.
This site uses SSL encryption to ensure the security of data processing and to protect the transmission of confidential content, such as login data. You can recognize an encrypted connection by the fact that there is a “https://” instead of a “http://” in the address line of the browser and by the lock symbol in your browser line.
We use this technology to protect your transmitted data.
Encrypted payment transactions
In order to gain access to the paid services of our website, personal payment information is required as this data is required for payment processing.
Payment transactions using the usual means of payment are made exclusively via an encrypted SSL connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
We use this technology to protect your transmitted data.
Our website uses CloudFlare features. The provider is CloudFlare, Inc. 101 Townsend St, San Francisco, CA 94107, USA.
CloudFlare offers a globally distributed content delivery network with DNS. Technically, the information transfer between your browser and our website is routed through CloudFlare’s network. CloudFlare is thus able to analyze the traffic between users and our websites, for example, to detect and prevent attacks on our services. In addition, CloudFlare may store cookies on your device for optimization and analysis.
We have concluded a corresponding agreement with Cloudflare on the basis of the GDPR for commissioned processing or according to EU standard contractual clauses. Cloudflare collects statistical data about visits to this website. The access data includes:
- Name of the accessed website and/or file.
- Date and time of access.
- Amount of data transferred.
- Notification of successful access.
- Browser type and version.
- The user’s operating system.
- Referrer URL (the previously visited page).
- IP address and the requesting party providers.
Cloudflare uses the log data for statistical evaluations for the purpose of operation, security and optimization of the services.
If you have consented to the use of Cloudflare, the legal basis for the processing of personal data is Art. 6 (1) (a) GDPR. In addition, we have a legitimate interest in using Cloudflare to optimize our online services and to make it more secure. The corresponding legal basis for this is Art. 6 (1) (f) GDPR. The personal data will be kept for as long as it is necessary to fulfill the processing purpose. The data will be deleted as soon as it is no longer required to achieve the purpose.
The transfer of your personal data to the USA takes place on the basis of the standard contractual clauses.
For more information about CloudFlare, visit: https://www.cloudflare.com/privacypolicy/.
We use reCAPTCHA on our website, a service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Grand Canal Dock, Dublin 4, D04 V4X7, Ireland (“Google”). The service is a function that allows us to distinguish whether the input was correctly made by a person or by a computer program with automatic program sequencing. During the query, the following data required for this service is transmitted to Google:
- Referrer URL.
- IP address.
- Browser type.
- Browser language.
- Date and time of your request.
- One or more cookies that may identify your browser.
Google will use this information for evaluation purposes. Your IP address, which is transmitted by your browser as part of the reCAPTCHA service, is not merged with other data from Google.
For the data collection at Google, the deviating data protection regulations of the company apply.
General information about cookies
Information is stored in the cookie that results from the connection with the specific end device used. However, this does not mean that we gain direct knowledge of your identity.
In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your device for a certain fixed period of time. If you visit our site again to use our services, it is automatically recognized that you have already been with us and which changes to settings you have made so that you do not have to change them again.
We therefore use the data obtained via cookies exclusively to optimize overall performance of the website for the end user and for statistical analysis in order to better adapt our services to the interests of our users.
The legal basis for the processing of personal data using cookies for analysis purposes is — based on the consent given by the user — Art. 6 (1) (a) GDPR.
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) (f) GDPR.
|ts_type2||1 year||Used for tracking of the source type|
|fv||1 year||Marks date of the first visit of the website. Used to distinguish between new and old visitors for AB tests|
|uh||1 year||User Hash. Used to distinguish between visitors and logged in users for AB tests|
|sg||1 year||Split Group for AB tests. Determines version of the website displayed|
|__ti||7 days||List of initialized AB tests|
|warning18||1 year||Determines if the “18+ banner” should be shown|
|rmn||180 days||“Remember Me” cookie|
|con_em_cl||Session||Used to ensure that the banner for “email confirmation” was closed|
|bcnotokenssince||1 year||Determines if the user logged in and with zero tokens|
|__dbuhf||1 year||Used for dynamic banner|
|__dbuh||1 year||Used for dynamic banner|
|lc||1 year||Used for switching languages via widget|
|con_ph_decline_reason||1 day||Used to store the decline reason for “bonus tokens for mobile phone verification”|
|reg_ver2||1 year||Used for checking if the email is mandatory during account registration.|
|mreg_ver2||1 year||Used for checking if the email is mandatory during account registration on mobile devices.|
|ue||1 year||User events|
|_saf_||Session||Used for 2-step-authentification|
|ls02||Session||Used to remember “Sorting type”|
|ls01||1 year||Used to remember size and type of the previews|
|sip||180 days||Used for username popup. Stores username and profile picture of the user|
|a10t||7 days||Used to define guests who close the “bonus token for registration” banner.|
|itpl||1 year||Used to define users who visit website through special URL|
|__cf_bm||30 minutes||Used to manage incoming traffic that matches criteria associated with bots|
Publisher: Google Analytics
Third-party cookies from Google Analytics are used. For more information visit:
What kind of data is collected?
- Origin (country and city).
- Operating system device (PC, tablet or smartphone).
- Browser and any add-ons used.
- Resolution of the computer.
- Visitor source (Facebook, search engine, or referring website).
- Which files were downloaded?
- Which videos were watched?
- Were any advertising banners clicked?
- Where did the visitor go? Did he click on other pages of the portal or did he leave it completely?
- How long did the visitor stay?
|_ga||1 year 1 month 4 days||Serves to distinguish users|
|_ga_*||1 year 1 month 4 days||Used to get session status|
|_gat_gtag_UA_*||1 minute||Serves to reduce the number of data transfers to Google|
Changing the cookie settings
You can adjust or revoke the cookie settings you have already made at any time by calling up the cookie box.
Most browsers are set by default to automatically accept cookies. However, you can deactivate the storage of cookies or set your browser to notify you when cookies are sent.
We would like to point out that as a result of such settings, you may only be able to use our website with restrictions.
On our websites, we use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Grand Canal Dock, Dublin 4, D04 V4X7, Ireland (“Google”). In this context, pseudonymized usage profiles are created and cookies (see “Cookies”) are used. The information generated by cookies about your use of this website such as
- browser type/version,
- operating system,
- referrer URL (the previously visited page),
- host name of the accessing computer (IP address) and
- time of the server request,
is transferred to a Google server in the USA and stored there. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators, and providing other services related to website activity and internet usage. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. In no case will your IP address be merged with other data from Google. The IP addresses are anonymized so that this assignment is not possible (IP masking).
These processing operations are carried out exclusively when explicit consent is given in accordance with Art. 6 (1) (a) GDPR.
You can read the data protection provisions of Google Analytics here: https://support.google.com/analytics/answer/6004245.
Activities in social networks
In order to interact with you on social networks and to inform you about our services, we are represented there with our own pages. If you visit one of our social media pages, we will be jointly responsible for the processing operations triggered by this, within the meaning of Art. 26 GDPR, with the provider of the respective social media platform.
We are not the original provider of these pages, but only use them within the scope of the possibilities offered to us by the respective providers.
As a precaution, we therefore inform you that your data may also be processed outside the European Union or the European Economic Area. The use of social networks may therefore be associated with data protection risks for you, as the protection of your rights (to information, erasure, objection, etc.) may be more difficult and the processing in the social networks often takes place directly for advertising purposes or for the analysis of user behavior by the providers, without us being able to influence this. If usage profiles are created by the provider, cookies are often used, or the usage behavior is assigned to your own member profile on the social networks. Only if you log in to the social network under your personal account, the providers may be able to directly assign the visit to our websites to your profile on the respective social media platform.
The described processing operations of personal data are carried out pursuant to Art. 6 (1) (f) GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider in order to be able to communicate with you in a timely manner or to inform you about our services. If you have to give your consent to data processing as a user with the respective providers, the legal basis refers to Art. 6 (1) (a) GDPR in conjunction with. Art. 7 GDPR.
(Co-)responsible for data processing in Europe:
Twitter International Company, 1 Cumberland St S, Fenian St, Dublin 2, Ireland
Information about your data:
(Co-)responsible for data processing in Europe:
Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
(Co-)responsible for data processing in Europe:
Telegram Messenger Inc., Vistra (Bvi) Limited, Vistra Corporate Services Centre, Wickhams Cay Ii, Road Town, Tortola, Virgin Islands, British, VG1110
When contacting us (e.g. via contact form or e-mail), personal data is collected. The data collected when using a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your request. The legal basis for the processing of the data is our legitimate interest in responding to your request in accordance with Art. 6 (1) (f) GDPR. In cases where the purpose of your request is concluding a contract, the additional legal basis for the processing is Art. 6 (1) (b) GDPR. Your data will be deleted after final processing of your request. We will delete your data if the circumstances indicate that the matter in question has been resolved and the deletion is not contrary to any legal obligation to retain data.
Moreover, our system automatically records and retains all chat room communications. The legal basis for the processing of the data is our legitimate interest and legal obligations in accordance with Art. 6 (1) (a) — (c) GDPR. We treat these communications as strictly confidential and do not access, use or disclose the contents of communications, unless we are legally obliged to comply with applicable laws, have to protect our rights to property or in emergencies when we believe that physical safety is at risk.
We send newsletters, e-mails and other electronic notifications with promotional information (hereinafter “newsletter”) only with the consent of the recipients or legal permission. As the contents of the Newsletter are specifically described in the Terms and Conditions of Use, your consent is given during the time of registration and/or email confirmation. You can unsubscribe from receiving the Newsletter by clicking “Unsubscribe” button in the Newsletter e-mail.
Double-Opt-In and Logging
Registration for our Newsletter takes place in a so-called double-opt-in process. If you decide to provide your e-mail during or after the registration process, you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with your e-mail address. It is not mandatory to confirm your e-mail address in order to use our website, however several functions may be restricted. The subscriptions to the Newsletter are logged in order to be able to prove the registration process according to the legal requirements.
You can cancel the receipt of our newsletter at any time, i.e. revoke your consents.
You can unsubscribe from receiving the Newsletter by clicking “Unsubscribe” button in the Newsletter e-mail.
Awareness and training
We ensure that our employees are fully aware of their legal obligations according to the law in relation to data protection. Our training program aims to raise awareness of our new and existing employees of the latest developments in data protection and practical methods used for this purpose. Recuring training is given at regular intervals to ensure that all employees are reminded of their responsibilities and duties and are informed of any new developments in data protection.
Any personal data collected about you will be maintained by us strictly for business purposes and will be kept confidential as all our employees have signed a Confidentiality Agreement in this regard.