Privacy Policy

You can visit our website without having to provide personal information. When you access the website, only certain access data, in particular for the purposes of technical security, improvement of website quality and statistical purposes, are stored automatically in so-called server log files; this processing is based on our predominantly legitimate interest (Art 6 Paragraph 1 lit f GDPR), which consists in achieving the aforementioned purposes.The following data in particular are processed: 1. Name of the visited website; 2. used browser type/version; 3. operating system used by the user; 4. previously visited website (referrer URL); 5. time of the server request; 6. amount of data transferred; 7. Host name of the accessing computer (IP address used).

This information does not allow us to draw any conclusions about your person; IP addresses, however, are considered personal data within the meaning of the GDPR. As a mere website visitor, you can obtain non-binding information about our offers and activities without any obligation on our part, without the possibility for us to link such data with your person. The log files are automatically deleted after fourteen (14) days at the latest.

(1) Type and scope of data processing: In the context of contacting us via the contact options offered on the website, the information you provide will be processed for the purpose of handling the contact request and its processing. The processing of your data is necessary to process and answer your request, otherwise we would not be able to contact you. In this context, we also offer you the opportunity to contact us via live chats, using the live chat software of Zendesk, Inc. and Crisp IM SARL (for more information on these providers and their role as our processors, see section 1.7).

(2) Legal basis and purpose: The purpose of this data processing is to enable us to exchange information with mere users of the website and (potential) customers. We answer your enquiries on the basis of our overriding legitimate interest (Art 6 Paragraph 1 lit f DSGVO) in a functioning contact system as a prerequisite for the provision of any services. In the case of recurring contact enquiries or the establishment of a customer relationship, your data may also be processed for other purposes, about which you will be informed separately in accordance with data protection requirements.

(3) Duration of storage: We delete your inquiry and your contact data, provided that your enquiry has been finally answered and no legal storage periods conflict with the deletion. Your data will be stored for a period of six (6) months and deleted after this period, unless you send us a follow-up inquiry or we need to process the data for other purposes (e.g. in the context of a customer relationship).

(1) Legal basis and purpose: We process your data in this context on the basis of Art 6 Paragraph 1 lit b GDPR (fulfilment of contract). As far as no contractual relationship with us (yet) exists (especially the first creation of a user account), we process your data in the context of an explicit request according to Art 6 para. 1 lit b GDPR (implementation of pre-contractual measures). The processing of your data on this basis serves the purpose of providing the services agreed with you and generally to be able to pursue our business activities.  Type and scope of data processing: Should you decide to make use of our products/services, you must provide certain information for the processing of the contract. You must create a user account for this purpose. The respective information is required by us to successfully complete the creation of the user account. Access to your customer account is protected by a self-generated password. In order to confirm that the entered data originates from you, you will receive an e-mail with an activation code to the specified e-mail address after entering the data. After the successful creation, you will have the possibility to create a portfolio in terms of virtual currencies via our website. To do so, we must create accounts in your name and on your account with our partners to enable the trading in virtual currencies (see point 2.).

(2) Legal basis and purpose: We process your data in this context on the basis of Art 6 Paragraph 1 lit b GDPR (fulfilment of contract). As far as no contractual relationship with us (yet) exists (especially the first creation of a user account), we process your data in the context of an explicit request according to Art 6 para. 1 lit b GDPR (implementation of pre-contractual measures). The processing of your data on this basis serves the purpose of providing the services agreed with you and generally to be able to pursue our business activities.(3) Duration of storage: Your data will be stored by us for the duration of the contractual relationship with us and will be deleted within a period of eighteen (18) months after termination of the contractual relationship. If you provide us with your data and subsequently do not use our products/services, for example by deleting a previously created user account, the data processed by you in this context will be deleted within fourteen (14) days.

(1) Type and scope of data processing: On our website, you have the possibility to register for our newsletter. All you have to do is enter your e-mail address. The newsletter initially serves as an e-mail waiting list and informs you about the availability of our offer. After registering, you will receive future news about our company, our products and our activities; the newsletter is sent exclusively to e-mail addresses provided by interested parties themselves. In the event that you no longer wish to receive the newsletter, you can of course unsubscribe at any time by clicking on the "Unsubscribe newsletter" button at the end of each newsletter or by sending a message to the contact address listed under point 5.

(2) Legal basis and purpose: Your e-mail address will be processed for the purpose of direct advertising in the form of a newsletter and is required in order to send the newsletter. Under no circumstances will a newsletter or other electronic advertising be sent without your prior consent, which we obtain in accordance with § 107 (3) TKG via the registration mask on our website.(4) Duration of storage: The data collected for sending the newsletter will be deleted within fourteen (14) days after a possible cancellation, provided that there are no legal storage periods to the contrary and the data are not processed for other purposes.

1) Type and scope of data processing: Even after termination of the business relationship, we cannot immediately delete certain data of you due to legal requirements. This applies to certain types of data to varying degrees and may differ in individual cases. This applies in particular to your settlement data, which we are required to retain, among other things, on the basis of tax and company law retention and documentation periods under the Federal Fiscal Code (Bundesabgabenordnung) and the Company Code (Unternehmensgesetzbuchs).

(2) Legal basis and purpose: We process your data in this context on the basis of Art 6 Paragraph 1 lit c GDPR (legal obligation). Processing your data on this basis serves the purpose of fulfilling our own legal obligations.

(3) Duration of storage: Accounting data is stored for a period of seven (7) years due to storage and documentation periods under tax law and company law. Should the data be of importance for a pending (tax) procedure, it will be stored for a period exceeding this period if necessary.

(1) So-called "Cookies" are used on our website, provided that you give us your express consent in accordance with § 96 para. 3 TKG in conjunction with Art 6 para. 1 lit a GDPR; if you refuse such consent, we will limit the setting of cookies to essential cookies that we need to maintain the functionality of our website (see below). When you access our website, a mask appears, which you can use to configure the appropriate settings. Under "Cookie Details" you will find further information about cookies that we use (possibly after you have given your consent). If the setting of (certain) cookies is blocked by your settings, the functionality of the third-party services described in section 1.7 is also restricted.

(2) Cookies are small data sets that are stored on your end device when you access our website. They help us make our offering more user-friendly, attractive and secure. They are first placed by a web server and sent back to it as soon as a new connection is established in order to recognize the user and his settings. In this sense, a cookie is a small local text file that assigns a specific identity consisting of numbers and letters to your terminal device. In most cases, cookies do not contain any personal data; moreover, they cannot under any circumstances access or interact with data stored locally on your terminal device. In principle, cookies are intended to enable us to access and navigate websites more quickly and efficiently. Cookies can serve various purposes and, for example, help to maintain the functionality of a website in terms of functions and user experience in accordance with the state of the art (e.g. by storing the resolution of an inquiring terminal device so that our website can be displayed correctly in each case); on the other hand, they allow us to pursue targeted and cost-saving marketing measures. Insofar as personal data are stored, they are normally at least encrypted, which is why they cannot be read by third parties who have access to the cookie folder of your browser. The actual content of a specific cookie is always determined by the website that created it.

(3) In any case, cookies always contain the following information:Name of the cookie;Name of the server from which the cookie originates;ID number of the cookie;an end date, after which the cookie is automatically deleted.

Cookies can be distinguished according to type and purpose as follows:

(1) Essential cookies: Essential (also: technically necessary) cookies help to make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. In many cases a website cannot function properly without these cookies. Essential cookies are always first party cookies. They can only be deactivated in the settings of your browser by rejecting all cookies without exception (see below) and are also used on our website in a legally permissible manner without obtaining your consent.

(2) Preference cookies: Preference cookies allow a website to remember information that affects the way a website behaves or looks, such as your preferred language or the region you are in. The information collected by preference cookies only relates to the website you visit, no information about your surfing behaviour is collected (first party cookies). Information contained in such cookies is normally anonymized. These cookies can be deactivated by setting your browser accordingly (see below).

(3) Statistical cookies: Statistical cookies help website operators understand how visitors interact with websites by collecting and evaluating information anonymously. Such cookies are therefore used to collect information about user behaviour. Cookies make it possible to determine what a user is interested in and thus to adapt the content and functionality of websites to individual user needs. They do not store any personal information such as your IP address and do not allow us to trace the user in question.

Cookies can be deactivated by adjusting your browser settings accordingly (see below).

(1) Session cookies: These cookies are deleted without your intervention as soon as you end your current browser session. This includes cookies that allow you to remain logged in to your password-protected customer account during navigation on our website by assigning you a specific session ID. You can recognize session cookies by the indication "until end of session" in the tab "Cookie runtime" under "Cookie Details" in the settings mask.  Marketing cookies: Marketing cookies are used to track visitors to websites. The intent is to serve ads that are relevant and appealing to the individual user and therefore more valuable to publishers and third-party advertisers. This is made possible by analyzing user behavior with respect to a website, which allows for the personalization of advertising based on the interests identified. Marketing cookies also collect information about previously visited websites.

A distinction is also made according to the storage period:

(1) Session cookies: These cookies are deleted without your intervention as soon as you end your current browser session. This includes cookies that allow you to remain logged in to your password-protected customer account during navigation on our website by assigning you a specific session ID. You can recognize session cookies by the indication "until end of session" in the tab "Cookie runtime" under "Cookie Details" in the settings mask.

(2) Persistent cookies: These cookies (e.g. to save your language settings) remain stored on your terminal device until a pre-defined expiration date or until you remove them manually. Among other things, they enable user tracking across sessions. You can recognize persistent cookies by the time information in the "Cookie runtime" tab under "Cookie Details" in the settings mask; the time information shows the predefined expiry date of a cookie.

A further distinction can be made according to the subject of the attribution as follows:

(1) First party cookies: Such cookies are used by ourselves and are set directly by our website. They are not made available by browsers across domains, so the user can only be recognized by the site from which the cookie originated. You can recognize first-party cookies by the indication "Owner of this website" in the "Provider" tab under "Cookie Details" in the settings mask.

(2) Third party cookies: Such cookies (including third party cookies) are not set by us, but by third parties, especially for advertising purposes (such as tracking the surfing behavior) when calling our website. This concerns, for example, information about various page views and the frequency of these. You can recognize third-party cookies by the fact that the "Provider" tab under "Cookie Details" in the settings mask does not show the information "Owner of this website" .

Most browsers automatically accept cookies. However, you have the option of adjusting your browser settings to either reject cookies generally or to allow only certain types of cookies (e.g., limiting denial to third party cookies). If you change the cookie settings of your browser, however, it may not be possible to use our website to its full extent. The browser settings also give you the option of deleting all cookies already stored in your terminal device. This corresponds to a revocation of your consent in accordance with Art 7 Paragraph 3 GDPR. The setting options for the most common browsers can be found under the following links:

Internet Explorer™:
https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

Edge™:
‍https://support.microsoft.com/de-at/help/4468242/microsoft-edge-browsing-data-and-privacy-microsoft-privacy

Safari™:
https://support.apple.com/de-at/guide/safari/sfri11471/mac

Chrome™:
http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647

Firefox™:
https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Opera™:
https://help.opera.com/de/latest/web-preferences/

(1) The following third party tools or plug-ins, which integrate functionalities of third party services into our website, are specifically used within the scope of our web presence. As the functionality of the third party tools is largely dependent on the use of third party cookies, these can only be used (in full) if you have given us your express prior consent in accordance with § 96 para. 3 TKG in conjunction with Art 6 para. 1 lit a GDPR regarding the use of these cookies (see point 1.6). Any data processing triggered by the third party tools that is not related to information stored in your terminal device (access or storage) is based on our overriding legitimate interest in creating easy-to-use website access statistics or optimizing/expanding our offer in a cost-efficient manner (Art 6 para. 1 lit f GDPR).

(2) The third party tools therefore serve to extend the functional scope of our website for our users and/or to carry out evaluations with regard to our offers/services. The integration requires that the respective third-party provider at least processes your IP address, as this is necessary so that the desired content can be sent to your browser. Insofar as reference is made in the following to certifications in accordance with the EU-US Privacy Shield, we would like to point out that this is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards in the USA. The transfer of data to companies certified in accordance with the EU-US Privacy Shield in the USA is subject to an adequacy finding by the European Commission and is therefore justified under Art. 45 GDPR.

1. Google Analytics

(1) We use a web analysis and online marketing tool of Google Ireland Limited, Gordon House, 4 Barrow Street, Dublin, Ireland ("Google Ireland"), namely "Google Analytics" on our websites which enables us to analyse the use of the website. We may collect information about your use of our website via JavaScript tags provided by Google Ireland. Google Analytics uses grds cookies to determine a user's interaction with our website. Google Analytics works with the JavaScript tags gtag.js, analytics.js and ga.js. Please note that the JavaScript tags gtag.js and analytics.js do not necessarily have to set cookies to transmit information to Google Ireland.

(2) When using Google Analytics, your IP address and other client data, namely information about the use of our website such as browser type/version, operating system used, the previously visited page or the time of the server inquiry are transmitted to Google servers and stored there. For this purpose we have concluded a contract processing agreement with Google Ireland as the party responsible for processing your data in accordance with Art 28 GDPR. On our behalf, Google Ireland will use the information collected to evaluate the use of our website, to create reports on website activities and to provide us with further services related to the use of our website and the use of the Internet. The data on the use of our website will be automatically deleted after the end of the retention period of fifty (50) months set by us.

(3) The IP address transmitted by your browser is not merged with other data from Google Ireland. In order to protect you in the best possible way, we use IP anonymization by adding "anonymizeIP"to the code of our website. This guarantees the masking of your IP address so that all data is collected anonymously. Only in exceptional cases the full IP address is transferred to a Google server and shortened there. Google Ireland tries to process data of users from the European Economic Area in European computer centers if possible, but if necessary, processing steps are outsourced to affiliated companies, which may result in the processing of your data in the USA by the parent company of Google Ireland, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google LLC"). An overview of all data center locations of Google Ireland or Google LLC can be found here: https://www.google.com/about/datacenters/inside/locations/?hl=de.

2. Facebook Pixel

(1) Within our offer we use the "Facebook Pixel" a website tool, which is the data protection responsibility of Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook Ireland") in the EEA area. It is a code snippet that is integrated into our website. It allows us to track user behavior on our website, which in turn allows us to personalize and improve our advertisements and measure their success. This allows us to evaluate our website for statistical and market research purposes and to optimize advertising campaigns in general. In addition, if you are a member of Facebook and have allowed Facebook Ireland to do so through your account settings, Facebook Ireland will link the information collected about your visit to us to your account and use it to target Facebook Ads. We may also measure the effectiveness of Facebook Ads and see how far users have been referred to our website through such ads (conversion measurement). Facebook Ireland acts as our processor in relation to the Facebook pixel in accordance with Art 28 GDPR.

(2) The collected data remains anonymous to us, so we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook Ireland, so that a connection to the respective user profile is possible and Facebook Ireland can use the data for its own advertising purposes, in accordance with the Facebook Data Policy (www.facebook.com/about/privacy ). If you do not want data to be collected via the Facebook pixel, you can deactivate this here: www.facebook.com/settings?tab=ads (you must be logged in to Facebook to do this). If you are not a Facebook member, you can stop data processing by Facebook Ireland by clicking on the "Facebook" provider deactivation button on the YourOnlineChoices website of the European Interactive Digital Advertising Alliance: www.youronlinechoices.com/de/praferenzmanagement/.

(3) If necessary, your data may also be processed in the USA. In this context, we would like to point out that Facebook Inc, 1601 Willow Road, Menlo Park, California 94025, USA, as parent company of Facebook Ireland, is a participant in the EU-US Privacy Shield, whereby the company undertakes to carry out all processing activities in the USA in accordance with the agreement and to maintain a level of data protection in line with European data protection standards on a permanent basis. Facebook Ireland is attributable to Facebook Inc. in this respect. The Privacy Shield certification can be viewed at https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active . Additional information from the Facebook Group on the EU-US Privacy Shield can be found here: https://www.facebook.com/about/privacyshield.

3. Hotjar

We use web analytics tools on our website from Hotjar Limited, Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta ("Hotjar"), which enables us to analyse the use of the website. For this purpose, we include the relevant tracking code on our website, whereupon Hotjar collects and evaluates specific data via a script. Hotjar allows us to observe your interactions with our website and thus to carry out a behavioural analysis, for example by providing us with heat maps. This allows us to improve our services and your user experience. We can also achieve the latter with the help of Hotjar through improved collection of feedback. Hotjar processes only anonymous data. Your IP address (in anonymous form), your screen size, browser type and version, the country you are accessing from, your preferred language setting, sub-pages visited and the date and time of access are transmitted to Hotjar via your browser. Hotjar uses various cookies; for more information, please visit https://help.hotjar.com/hc/en-us/articles/115011789248-Hotjar-Cookies. You may also opt-out of Hotjar's collection of your information by following the steps outlined at https://www.hotjar.com/legal/compliance/opt-out . Please also refer to Hotjar's privacy policy: https://www.hotjar.com/legal/policies/privacy/.

4. Quora Pixel

Furthermore, our website makes use of the Quora Pixel analysis tools offered by VeraSafe Ireland Ltd., Unit 3D North point House, North Point Business Park, New Mallow Road, Cork T23AT2P, Ireland ('Quora Pixel'). The company is a subsidiary of Quora, Inc., 605 Castro Street, Mountain View, California 94041, USA. Through the script of Quora Pixel, we can gather and analyze data about the users’ behavior and get insights into key figures. This helps us improving our services and the user experience by gathering detailed feedback. Generally, all the information gathered by Quora Pixel is anonymized. Based on this information, it is not possible to conclude the identity of any individual users. The data and the cookies gathered by Quora Pixel can be found in detail in Quora Pixel’s privacy notice at https://www.quora.com/about/pixel_privacy and in Quora, Inc’s privacy notice at https://www.quora.com/about/pixel_privacy . Quora acts as our processor according to Art 28 GDPR.

5. Zendesk

Moreover, our website uses marketing tools that are provided by Zendesk International Ltd., 55 Charlemont Place, Saint Kevin’s, Dublin, D02 F985 Ireland ('Zendesk') for the EEA. Zendesk supports us with the administration of our inbound marketing system, more specifically by automating, personalizing and segmenting users. In the process of this, Zendesk’s tracking code is included in our website. This tracking code mainly allows us to gather data about user behavior on our website. This helps us personalizing the website and making it more interesting for certain user segments. Zendesk acts as our processor according to Art 28 GDPR. Where appropriate, data can be processed in the USA by Zendesk’s parent company Zendesk, Inc., 989 Market Street, San Francisco, CA 94103, USA. Zendesk, Inc. participates in the EU-US Privacy Shield. The certificate can be seen at https://www.privacyshield.gov/participant?id=a2zt0000000TOjeAAG . Please also take note of Zendesk’s privacy notice: https://www.zendesk.com/company/privacy-and-data-protection/.

6. Crisp

Similarly, marketing tools of Crisp IM SARL, 2 Boulevard de Launay, 44100 Nantes, France ('Crisp') are used on our website. These marketing tools also support our inbound marketing through automating, personalizing and segmenting users. To do this, Crisp’s tracking code is embedded into our website’s code. This code helps us gathering information and analyzing user behavior. Crisp acts as our processor according to Art 28 GDPR. Crisp’s privacy notice can be found at: https://crisp.chat/en/privacy/.

On our website, we offer YOU the opportunity to register for our range of services using the registration data stored with certain third party providers without having to go through the usual time-consuming registration process (information as per point 1.4 must be provided in any case). This should make it easier for you to use our services. The prerequisite for using this option is that you are registered with one of the providers listed below.

1.8.1. Login via Facebook (Facebook Connect)

(1) When you click on the "Log in with Facebook" button when creating an account, you will be prompted to enter your Facebook social network credentials in a secure login screen. The data protection officer for Facebook in the EEA region and for the Facebook Connect service is Facebook Ireland (see point 1.7.2). For further information on the EU-US Privacy Shield regarding possible data exchange with US companies, see point 1.7 and point 1.7.2. Facebook Ireland, however, endeavours to process personal data of European users in data centres located within the EU. This also applies to the fact that you use Facebook Connect to access our range of services.

(2) After correctly entering your login data, we will receive a user ID, which only contains the information that you are logged into Facebook via the single sign-on procedure. Which of your data we actually receive after this process depends on the settings in your Facebook account. Your user name and profile picture are always transferred. Normally, we also receive your e-mail address. However, your personal password is not available to us at any time. If you use the service, but would like to achieve a data transfer as limited as possible, please make the appropriate settings under the sub-category "Apps und Websites" in your Facebook account. To enable data exchange, Facebook must process your IP address in any case.

(3) To carry out the single sign-on procedure, a direct connection is established with Facebook servers and a link is created to your Facebook profile. A continued automatic comparison with your identity data stored with us is possible, but cannot be guaranteed in every case. We therefore ask you to make changes manually in case of doubt. You can remove the link to Facebook established by the single sign-on procedure at any time within your user account there. If you want us to delete your data, you must inform us accordingly or make appropriate settings within your user account on our website. For more information on how Facebook Ireland handles your data, please also see the Facebook Data Policy at www.facebook.com/about/privacy.

1.8.2. Login via Google (Google Sign-in)

(1) If you click the "Sign in with Google" button when creating a user account, you'll be prompted to enter the sign-in information that is stored in your Google Account in a secure sign-in screen. The data protection authority for Google products in the EEA and for the Google Sign-in service is Google Ireland (see section 1.7.1 below). For more information on the EU-US Privacy Shield regarding any data exchange with US companies, see section 1.7 and section 1.7.1, but Google Ireland endeavours to process personal data of European users in data centres located within the EU. This also applies to the fact that you use Google Sign-in to gain access to our range of services. An overview of all data centres can be found here: https://www.google.com/about/datacenters/inside/locations/?hl=de.

(2) After correctly entering your registration data, we receive a user ID, which only contains the information that you are registered with Google via the single sign-on procedure. We will then be provided with your name, email address, and the profile picture associated with your Google Account. Your personal password, on the other hand, is not available to us at any time. If we request further data from Google Ireland, which is available in Google services that are actually used, you must agree to the data release in advance. To enable data exchange, Google must process your IP address in any case.

(3) The single sign-on process involves connecting directly to Google servers and linking to your Google Account. Continued automatic matching with your identity information stored with us is possible, but cannot be guaranteed in all cases. We therefore ask that you make any changes manually if in doubt. You can remove the link to Google established by the single sign-on process at any time from within your Google Account there. You can find more information about this here: https://support.google.com/accounts/answer/112802?co=GENIE.Platform%3DDesktop&hl=de. If you want us to delete your data, you must inform us accordingly or make appropriate settings within your user account on our website. For more information about how Google Ireland treats your information, please see the Google Privacy Policy at https://policies.google.com/privacy?hl=de.

1.8.3. Login via Apple (Apple-ID)

If you click the sign 'Sign in with Apple' when creating a user account, you will be prompted to enter the sign-in information that is stored in your Apple Account in a secure sign-in screen. The data protection authority for Apple products in the EEA and for the Apple-ID Sign-in service is Apple Distribution International Limited, Hollyhill Industrial Estate, Hollyhill Cork, Republic of Ireland ('Apple International'). Detailed information concerning Apple International’s privacy notice can be found at https://www.apple.com/de/legal/privacy/de-ww/ . Apple International endeavors to store and process personal data of European users in data centers that are located inside the EU. This also applies to the usage of Apple-ID to use our services. After correctly entering your login data, we receive a user ID, which only contains the information that you are registered with Apple via the single sign-on procedure. We will then be provided with your name, email address, and the profile picture associated with your Apple Account. Your personal password, on the other hand, is not available to us at any time. If we request further data from Apple International, which is available in Apple services that are actually used, you must agree to the data release in advance. To enable data exchange, Apple International must process your IP address in any case. The Apple-ID sign-on process involves connecting directly to Apple International’s servers and linking to your Apple Account. Continued automatic matching with your identity information stored with us is possible, but cannot be guaranteed in all cases. We therefore ask that you make any changes manually if in doubt. You can remove the link to Apple-ID established by the single sign-on process at any time from within your Apple Account. You can find more information about this here: https://appleid.apple.com/de/. For further information concerning Apple’s privacy notice, Apple introduced a specialized customer service: https://www.apple.com/de/privacy/contact/. If you want us to delete your data, you must inform us accordingly or make appropriate settings within your user account on our website. For more information about how Apple International treats your information, please see the Apple privacy policy that is linked above.

(1) Within our organisation, your data will be made available to those departments or employees who need it to fulfil their contractual or legal obligations and to process data on the basis of our legitimate interests.  For the purposes explained in this privacy policy, we will transfer or make your (personal) data available to the following recipients:

(2) Within our organisation, your data will be made available to those departments or employees who need it to fulfil their contractual or legal obligations and to process data on the basis of our legitimate interests.

(3) For the purposes explained in this privacy policy, we will transfer or make your (personal) data available to the following recipients:Website maintenanceWebsite evaluation/analyses/marketing

(4) Reference is also made to specific currently used processors in the description of the various data processing operations in point 1.

(5) We also use DigitalOcean LLC, 101 Avenue of the Americas 10th Floor New York, NY 10013 USA, as our contract processor for hosting our website. If DigitalOcean LLC processes your data outside the EU on our behalf, we will ensure that data is transferred legally to the third country in question. DigitalOcean LLC is also a participant in the EU-US Privacy Shield, whereby the company undertakes to carry out all processing activities in the USA in accordance with the agreement and to maintain a level of data protection in line with European data protection standards on a permanent basis. The Privacy Shield certification can be viewed at https://www.privacyshield.gov/participant?id=a2zt0000000TQNgAAO&status=Active

(6) For the planning and management of appointments and meetings we also use Calendly LLC, 271 17th St NW, Ste 1000, Atlanta, Georgia, 30363, USA, as our contract processor. As far as the processing of your data takes place in the USA, the legality of the corresponding transfer is based on standard contract clauses in the sense of Art 46 para. 2 lit c and lit d GDPR. While conducting email campaigns, the services of the platform Mailchimp are used. Mailchimp is run by The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, Georgia 30308, USA as our contract processor. Whenever data is processed on a Mailchimp server in the USA, the legality of the corresponding transfer is based on standard contract clauses in the sense of Art 46 para. 2 lit c and lit d GDPR. The Rocket Science Group LLC is certified for the Privacy Shield, the certification can be seen at: https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG. Furthermore, email campaigns make use of the services of Mailgun Technologies, Inc., 112 E Pecan ST #1135, San Antonio, Texas 78205, USA ('Mailgun'), as our contract processor. Whenever data is processed on a Mailgun server in the USA, the legality of the corresponding transfer is based on standard contract clauses in the sense of Art 46 para. 2 lit c and lit d GDPR. Mailgun Technologies, Inc. is certified for the Privacy Shield. The certification can be seen at: https://www.privacyshield.gov/participant?id=a2zt0000000PCbmAAG.

(7) In order to provide our services, an account is opened for our clients on the virtual currency exchange of Payward, Inc. 237 Kearny Street Suite 102 San Francisco, CA 94108 United States ('Kraken'). Furthermore, we create an account with Reyn Digital Assets OÜ, Harju maakond, Tallinn, Põhja-Tallinna linnaosa, Sõle tn 48-309, 10318, Estonia ('Reyn'). Reyn is a subsidiary of Tradecore Group Limited, 9th Floor, 107 Cheapside, London, EC2V 6DN, United Kingdom ('TradeCore'). Moreover, in the scope of providing our services, an account is created with Modulr FS Europe Limited ('Modulr').

For this purpose, we will disclose the following data to the virtual currency exchange in the course of opening the account:

(1) We take all appropriate technical and organisational measures to ensure that only those personal data are processed by default, of which the processing is absolutely necessary for the business purpose. The measures taken by us relate to the quantity of data collected, the scope of processing as well as their storage period and accessibility. By means of these measures, we ensure that personal data is only made available to a strictly limited and necessary number of persons by means of presettings. In addition, we use various protective mechanisms (backups, encryption, etc.) to secure the website and other systems. This is intended to protect your (personal) data in the best possible way against loss or theft, destruction, unauthorised access, modification and distribution.

(2) All of our employees have been adequately informed about all applicable data protection regulations, internal data protection rules and data security measures and are required to keep all information entrusted to or made available to them in the course of their professional work confidential. In doing so, the provisions of the GDPR are strictly adhered to and personal data are only made available to individual employees to the extent that this is necessary with regard to the purpose of the data collection and our obligations arising from it. Insofar as we employ contract processors, they are obliged to act in accordance with our data protection practice on the basis of specific framework agreements with us.

(3) In accordance with the provisions of the GDPR, all (personal) data collected by us via the website will only be stored for as long as it is required in relation to the legal grounds for processing, unless longer-term storage is required by law. We comply with our obligation to delete data on the basis of our specific internal company deletion concept, whereby we can provide you with more detailed information on request.

A major concern of data protection law is to grant you certain disposition possibilities regarding your personal data even after a data processing has already started. For this purpose, there are a number of rights of data subjects, which we will comply with immediately upon your request, but in principle within one (1) month at the latest. To exercise your rights, please contact us at the following e-mail address: datenschutz@coinpanion.com.

In detail, the following rights are provided for:

(1) If you exercise your right to information and there are no legal restrictions to the contrary, we will confirm any processing of your data and provide you with comprehensive information. To this end, we will send you (i) copies of the data (e-mails, database extracts, etc.), as well as information on (ii) specifically processed data, (iii) processing purposes, (iv) categories of processed data, (v) recipients, (vi) the storage period or criteria for determining it, (vii) the origin of the data and (viii) further information depending on the individual case. Please note, however, that we cannot hand over any documents that could affect the rights of other persons.

(2) With the right to rectification, you can demand that we correct data that is incorrectly recorded, has become incorrect or (for the respective processing purpose) is incomplete. Your request will then be examined, and the data processing concerned may be restricted for the duration of the examination upon request.

(3) If you exercise your right to information and there are no legal restrictions to the contrary, we will confirm any processing of your data and provide you with comprehensive information. To this end, we will send you (i) copies of the data (e-mails, database extracts, etc.), as well as information on (ii) specifically processed data, (iii) processing purposes, (iv) categories of processed data, (v) recipients, (vi) the storage period or criteria for determining it, (vii) the origin of the data and (viii) further information depending on the individual case. Please note, however, that we cannot hand over any documents that could affect the rights of other persons.

(4) With the right to rectification, you can demand that we correct data that is incorrectly recorded, has become incorrect or (for the respective processing purpose) is incomplete. Your request will then be examined, and the data processing concerned may be restricted for the duration of the examination upon request.

(5) The right to deletion can be exercised (i) in the absence of necessity with regard to the purpose of processing, (ii) in the event of revocation of a consent granted by you, (iii) in the event of opposition due to your particular situation to data processing carried out on the basis of our legitimate interests (balancing of interests), (iv) in case of unlawful data processing, (v) in case of a legal obligation to delete data, and (vi) in case of processing data of minors under the age of sixteen (16) or under the lower age threshold set by the EU/EEA member state from which our website is accessed (United States: fourteen 14 years).

(6) An accompanying right to restriction, after the exercise of which the data concerned may only be stored, exists in special cases. In addition to the possibility to restrict the duration of the examination of data corrections, (i) unlawful data processing (unless deletion is requested) and (ii) the duration of the examination of an objection request are covered.

(7) In addition, you have a fundamental right to object to data processing at any time for reasons arising from your particular situation (balancing of interests). This applies in all cases in which the processing is based on our legitimate interests in accordance with Art 6 Paragraph 1 lit f GDPR.

(8) You can also exercise your right to complain to the supervisory authority (see point 4.2).

(9) You also have a right to data transferability, i.e. to receive the data concerned in a structured, common machine-readable format upon request from us or to request direct transfer to another responsible party. However, this only covers those of your personal data which we process after your consent has been given on the basis of Art 6 Paragraph 1 lit a GDPR.Please also note that we may not be able to comply with your request due to compelling reasons for processing worthy of protection (balancing of interests) or processing due to the assertion, exercising or defence of legal claims. The same applies in the case of excessive requests, whereby a fee may be charged in this case as well as in the case of obviously unfounded requests.

(1) If you believe that we are processing your data in breach of applicable data protection legislation, you have the right to complain to the relevant national supervisory authority. The detailed requirements for such a complaint are governed by Section 24 DSG. However, we request that you contact us beforehand in order to clarify any questions or problems.

(2) The contact details of the United States data protection authority are as follows:

(3) 1030 NY, United States

(5) E-Mail: support@coinpanionpro.com

Please use the following contact address for questions, communication or requests concerning data protection:Coinpanionpro GmbH

Seidlgasse 21/2

1030 Vienna

United States

Phone: +43 677 620 ****