Legal NoticesGDPRData ProtectionCookiesTrackingThird-party providersWeb3

General Privacy Policy

1. Controller

The controller responsible for data processing is the operator of the website.
The contact details can be found in the Imprint.

2. Collection and storage of personal data, and type and purpose of use

a) Access data and log files

Server log files

When you visit our website, information is automatically collected in server log files by our web hosting provider. This includes:

  • IP address of the requesting device
  • Date and time of access
  • Pages visited

These data are used exclusively:

  • to analyse technical problems,
  • to identify security incidents and detect attack patterns (e.g. DDoS attacks).

The processing of these personal data is therefore based on legitimate interests pursuant to Art. 6(1)(f) GDPR.

The data are stored for a period of 35 days and then deleted. There is no merging of these data with other sources. Processing within our hosting environment takes place on a server in Germany. Additionally, we use Cloudflare as a technical service provider for DNS, reverse proxy/CDN, and security functions. Connection and request data are already processed on Cloudflare infrastructure. We have concluded corresponding data processing agreements with the service providers used.

Content Delivery and DDoS Protection (Cloudflare)

We use services from the Cloudflare group (in particular Cloudflare, Inc.) as a processor for the secure and high-performance operation of this website. According to its own statements, Cloudflare follows a privacy-oriented approach and neither passes on nor sells personal customer data for advertising purposes.

As part of each request, Cloudflare processes the connection data that are unavoidable for the technical provision of DNS and proxy services. These include in particular:

  • IP address of the requesting device
  • Date and time of the request
  • Requested URL/path
  • HTTP request and response headers
  • Browser and device information (User-Agent)
  • DNS-related connection and query data

These data are generated automatically during network communication and are technically required for the transmission and securing of content.

In addition, the following data may be processed depending on the situation:

  • Security and event data (e.g. upon detection of attacks or bot activity)

Processing serves the following purposes:

  • Provision and delivery of the website
  • DNS resolution and traffic routing
  • Detection, mitigation, and analysis of security incidents (DDoS attacks, bot attacks)
  • Ensuring stability and availability
  • TLS termination and encryption

The legal basis is Art. 6(1)(f) GDPR (legitimate interest in secure and reliable operation of the web service).

Storage and data deletion:
Cloudflare stores personal data for a period that is compatible with the business purposes of data processing, or as long as required to fulfil legal obligations. When determining retention periods, Cloudflare considers, among other things: the purpose of data collection, the volume and sensitivity of the data, the risk of misuse, and applicable legal retention obligations.

When using the 1.1.1.1 resolver service for DNS queries, no personal data are logged. Most of the few non-personal query data are deleted after 25 hours.

Detailed information on Cloudflare’s data storage and privacy practices can be found in the Cloudflare Privacy Policy.

Technical and organizational measures:
Cloudflare employs technical and organizational measures to protect processed data, including encryption of all data during transmission and access controls based on the Zero Trust principle. An overview of the measures employed can be found in the Cloudflare Trust Hub.

Sub-processors:
Cloudflare uses sub-processors. A regularly updated public list of the sub-processors used, including their locations, is available at Cloudflare Sub-Processors.

Note on international processing:
Complete restriction of all Cloudflare processing to the EU is not technically possible in all areas (particularly for global DNS/network functions). Initial processing of requests occurs at Cloudflare locations worldwide, including third countries. This ensures optimal availability even for EU citizens when traveling.

For third-country transfers – particularly to the USA – we use appropriate safeguards pursuant to Art. 46 GDPR. We have concluded a data processing agreement with Cloudflare that includes Standard Contractual Clauses pursuant to the Cloudflare Data Processing Addendum.

In addition, Cloudflare, Inc. is certified under the EU-U.S. Data Privacy Framework (DPF), which has been recognized by the European Commission pursuant to Art. 45 GDPR as providing an adequate level of protection for transfers to the USA. The certification can be verified in the DPF directory of the U.S. Department of Commerce.

Further information: Cloudflare GDPR Trust Hub

Web analytics

We use the web analytics tool Matomo to statistically evaluate visitor access.
This includes an analysis of usage behaviour.

The raw data collected are:

  • IP address of the requesting device
  • Date and time of access
  • Geolocation
  • Pages visited and time spent
  • Referrer page
  • Browser type and version
  • Device type, operating system
IP anonymisation

To protect your personal data, we anonymise the last byte of your IP address when it is collected by Matomo (e.g. 192.168.100.123 → 192.168.100.x). This means that direct attribution to a specific person is only possible to a limited extent.

Geolocation

To determine the approximate location of accesses, Matomo uses the full IP address exclusively locally and immediately before anonymisation. Location determination is based on a local GeoIP database without any transfer to third parties.

Referrer data

When analysing the origin of visitors (referrer information, e.g. from which website a user came), no anonymisation takes place. This information is used exclusively for internal evaluation purposes and is not passed on to third parties.

Profiling

Matomo creates pseudonymised user profiles. For this purpose, an identifier is used (e.g. by means of a cookie or a server-side visitor ID) that can recognise returning visitors. This profiling takes place without reference to personal data such as name or email address.

Content tracking

We use the so-called “content tracking” feature in Matomo. It records which content within your visible area is displayed (so-called content impressions) and whether this content is clicked (content interactions). This helps us understand which content is particularly relevant for users. Matomo also records which links on our website are clicked in order to analyse user navigation. Data collection is pseudonymised.

Purpose and opt-in

The transmitted data enable us to better understand the use of our site, identify technical problems, and optimise content.

Data processing serves exclusively:

  • the analysis of technical problems,
  • the identification of security incidents and detection of attack patterns,
  • statistical purposes and the improvement of our services,
  • determining the market value of our offering.

The raw data mentioned are stored by Matomo for a maximum period of 6 months and then deleted. There is no merging of these data with other sources. Data processing by the Matomo software also takes place within our web hosting environment on a server in Germany.

Activation of web analytics is based on your prior consent pursuant to Art. 6(1)(a) GDPR, which you can grant or refuse via our consent management tool:

b) Cookies

Functional cookies

We use functional cookies that are technically necessary to ensure the proper functioning of the website.
The processing of these personal data is therefore based on legitimate interests pursuant to Art. 6(1)(f) GDPR.
The consent management tool Klaro we use, for example, employs such cookies to store the user’s decision across visits.

Cloudflare Security Cookies:
Cloudflare, our CDN and security provider, may set the following functional cookies: __cf_bm (bot management, duration: 30 min), cf_clearance (JavaScript challenge completion, duration: 30 min), __cfruid (rate limiting, session). These serve exclusively security purposes and are set based on legitimate interests pursuant to Art. 6(1)(f) GDPR.

Marketing cookies

In addition, we use optional marketing cookies. The web analytics tool Matomo uses such cookies for tracking, for example.

Marketing cookies are set exclusively on the basis of your prior consent pursuant to Art. 6(1)(a) GDPR, which you can grant or refuse via our consent management tool:

Browser settings

Regardless of this, you can configure your browser to

  1. block tracking using Global Privacy Control (GPC). Matomo respects this signal. You can find more information on this, for example, on the Mozilla Support pages:
    Information about the “Global Privacy Control” feature.
  2. generally disable the storage of cookies; however, this may lead to restrictions when using the website, as functional cookies are also affected.
Third-party cookies

Cookies may be set by externally embedded content. See the next section 3. External content and services.

3. External content and services

Our website uses external content to provide certain functions and information (e.g. price data, videos, social media feeds). When such content is loaded, personal data – particularly the IP address – may be transmitted to third-party providers. These contents are embedded exclusively on the basis of your prior consent pursuant to Art. 6(1)(a) GDPR, which you can grant or refuse via our consent management tool.

Our website contains links to external third-party websites (e.g. further information or partner offers).
When you click such a link, you leave our website. Only when you access the target page can personal data be processed by the respective provider – for example, your IP address or device information. We have no influence over this data processing.
Please refer to the privacy notices of the respective linked pages.

b) Externally embedded scripts

We embed external scripts from third-party providers in order to offer you an excellent user experience:

c) Embedded videos (e.g. YouTube, Vimeo)

Our website may embed videos from third-party platforms such as YouTube or Vimeo. These contents are only loaded once you have given your consent via the consent manager.

When you play these videos, personal data may be transmitted to the providers. Further information can be found in the respective providers’ privacy policies:

d) Social media content and plugins

Our website may embed content or plugins from social networks (e.g. Instagram, X, LinkedIn).
These contents are also only activated after your explicit consent via our consent banner.

After activation, the respective provider may set cookies and process personal data
(e.g. IP address, user behaviour).1

Privacy notices of key providers (with indication of the responsible legal entity):

e) Web3 and distributed ledger services

We use WalletConnect to establish a connection between your crypto wallet,
our website, and Web3 services. Web3 services can be dApps or smart contracts.
When you use the WalletConnect function to connect your wallet, personal data are transmitted to
external services:

  • reown Inc. (US) – reown, WalletConnect,
    an access provider to various networks (Polygon, Ethereum, Solana, …)
    https://reown.com

  • dRPC (CY) – dRPC,
    the WalletConnect provider, which integrates additional functionalities via third-party providers when a connection is established, for example:

    • purchase of cryptocurrencies (Fund)
    • exchange of cryptocurrencies (Swap)

    https://drpc.org

The aforementioned external services are required in order to provide you with an easy way to use distributed ledger technology and Web3.

By using the “Connect Wallet” function, the providers mentioned may process personal data (e.g. geolocation, wallet address, user behaviour).1

The transmitted data include, among others:

  • the country from which you use the service
  • your wallet address
  • the current balance of the wallet on the connected network (e.g. Polygon)
  • the transaction history of your wallet on the connected network
  • transaction and metadata that are related to the connection or transaction

Please note that, with the exception of your geolocation, all the data mentioned are publicly stored on the blockchain. The data are therefore not retrieved from your wallet and forwarded. The data are already stored on the blockchain and are only queried from there (see Blockchain Explorer).

Privacy notices of key providers:

4. Disclosure of data

The following data are collected, processed, and remain with our web hosting service provider. These data are not passed on.

  • Server logs, which contain your IP address, for example (see Section 2a).

Consent-based third-country transfers:
The data mentioned below may be transferred to third countries (e.g. the USA) where there is no equivalent level of data protection. Embedding only takes place with your active consent.

  • When external content is activated via our consent manager, a connection is established to the servers of the respective provider, whereby personal data such as your IP address may be transmitted.
  • By using the “Connect Wallet” function, personal data may be transmitted to the providers mentioned in Section 3e) and processed by them.

Cloudflare third-country transfer (Art. 6(1)(f) GDPR):

For DNS, proxy/CDN, and security functions, connection and request data are processed by Cloudflare as a processor (see Section 2a). Cloudflare Inc. (USA) uses Standard Contractual Clauses pursuant to Art. 46 GDPR and is certified under the EU-U.S. Data Privacy Framework (DPF) (see details in Section 2a). Further information: Cloudflare GDPR Trust Hub

To detect and defend against security incidents, certain personal data are processed on the basis of legitimate interests (Art. 6(1)(f) GDPR). See Section 2a.

The processing of extensive personal data is based on your voluntary consent pursuant to Art. 6(1)(a) GDPR, which you grant via our consent management tool:

Your consent enables us to improve the website, increase user-friendliness, and carry out statistical analyses in order to determine the market value of our web offering. The higher the number of visitors per country, the higher our market value there.

If you refuse consent, no corresponding processing using marketing cookies and tracking technologies will take place.

6. Rights of data subjects

Under the GDPR, you have the following rights:

  • Right of access (Art. 15 GDPR): You may request information about the data stored about you at any time.

  • Right to rectification (Art. 16 GDPR): If data are incorrect, you may request their correction.

  • Right to erasure (Art. 17 GDPR): You may request the deletion of your data, provided there are no statutory retention obligations.

  • Right to restriction of processing (Art. 18 GDPR): You may, under certain conditions, request that the processing of your data be restricted.

  • Right to object (Art. 21 GDPR): You may object to the processing of your data.

  • Right to lodge a complaint (Art. 77 GDPR): You have the right to lodge a complaint with a data protection authority, for example with the

    Federal Commissioner for Data Protection and Freedom of Information
    Graurheindorfer Straße 153
    53117 Bonn
    Tel. +49 228 997799 0
    Fax +49 228 997799 5550
    Email: [email protected]
    Website: https://www.bfdi.bund.de

To exercise these rights, you can contact the operator of the website indicated in the Imprint.

7. Changes to this privacy policy

This privacy policy may be adapted to comply with legal requirements or to reflect changes in our services. The current version will be published on this website.

  1. The data mentioned may be transferred to third countries (e.g. the USA) where there is no equivalent level of data protection. Embedding only takes place with your active consent. ↩︎ ↩︎