PRIVACY POLICY

The purpose of this privacy policy is to inform visitors to our website and our customers persons interested about how personal data (data) is processed.

I. Who is responsible for processing the data and who can I contact?

Responsible body for the processing of data on this website:

tokenforge GmbH, Hohe Bleichen 8, D-20354 Hamburg

Tel.: +49 40 999 941 54

Email: info(at)token-forge.io

II. What data do we process?

1. Data transfer via the internet

When you visit this website, we will process your IP address, the date and time of your visit, information about the browser used including language settings and operating system, the address of the website from which you came to our website (referrer URL) as well as information about the files you accessed. Your browser automatically transfers this data to your internet provider, and your internet provider transfers it to us.

Why do we process this data?

We process this data so that you can load our website, to allow us to check and, if necessary, restore system security and stability, as well as for the purpose of obtaining statistics (see below). We are not able to assign this data to a particular person. The legal basis for this processing operation is Article 6 para 1(f) of the General Data Protection Regulation (GDPR). We have a legitimate interest in ensuring that our website is properly displayed on your screen, and in being able to identify and rectify the cause of any faults.

How long is this data stored for? Do I have to provide this data?

The data is stored in log files and automatically anonymized after 7 days.

There is neither a legal nor a contractual obligation for you to provide this data, nor is it required in order to conclude a contract with us. However, for technical reasons it would not be possible to visit our website without these data being processed.

Who processes the data?

Our website is hosted by Webflow, Inc. (398 11th Street, 2nd Floor, San Francisco, CA 94103, USA). When you visit our website, Webflow collects certain log files and usage data, including IP addresses.

Details about data processing by Webflow can be found in their privacy policy.

Webflow is used based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in a reliable, secure, and efficient website performance. When consent is required, processing is based on Art. 6 para. 1 lit. a GDPR, particularly for cookie storage or device-specific access (e.g., for device fingerprinting) under § 25 para. 1 TDDG. Consent can be revoked at any time.

Order processing

We have an order processing agreement (DPA) with Webflow. This legally mandated contract ensures that Webflow processes personal data on our behalf, following our instructions, and in compliance with GDPR requirements.

2. Storage of cookies

We use cookies on our website. Cookies are small files that contain an ID number. Cookies are stored on your computer or mobile device when you access our website. When you access our website again, the ID number allows your computer or mobile end device to be recognized.

Why are cookies used?

Thanks to session cookies, you do not have to re-submit data on our website, even if you have visited other websites in the meantime. The purpose of these session cookies is to make using our website easier. Session cookies are used solely to improve user-friendliness. We also employ persistent cookies in order to collect statistical data on the use of our website, and to evaluate this for the purposes of optimizing our services.

The legal basis is Article 6 para 1(f) GDPR. We have an interest in enabling the user-friendly use of our website and in optimizing our website and/or documenting user decisions.

How long is this data stored for?

The following cookies will be erased after you close your browser: Session cookieThird-party cookiesThese cookies are placed by third parties. When you access third-party services, the third-party suppliers can use cookies to store and/or access data, which is outside our control.Name of the cookie: _pk_id.1.ae9f, _pk_ses.1.ae9f, _pk_ref.1.ae9fPurpose: Cookie belonging to the web analysis tool Matomo. For details see following paragraph.

WEB ANALYSIS BY MATOMO

This website uses the web analysis tool Matomo. Matomo uses cookies to carry out analyses. The information gathered through the cookies, e.g. time, location and frequency of your visit to the website, including your IP address, are transferred to our own analysis server and stored there. During this process, your IP address will be immediately anonymised so that you can remain anonymous as a user. No data is sent to external analytics or tracking services. You can prevent cookies from being installed by choosing appropriate settings on your browser software; however, we must make you aware that in this case, you may not be able to make full use of all the functions of our website.

Your visit to this website is recorded by Matomo Web Analysis by default.

How long is this data stored for? Do I have to provide this data?

The data will be held for 3 months. After that period only the results of the statistical analytics will be stored. This data does not contain any personal data anymore.

Most internet browsers accept cookies automatically. You can set your browser so that it does not accept cookies. You have to change the settings on each browser and each end device that you use separately.

Sie haben die Möglichkeit zu verhindern, dass von Ihnen hier getätigte Aktionen analysiert und verknüpft werden. Dies wird Ihre Privatsphäre schützen, aber wird auch den Besitzer daran hindern, aus Ihren Aktionen zu lernen und die Bedienbarkeit für Sie und andere Benutzer zu verbessern.

3. Contact form

We process the data you have provided in our contact form or sent to us by email in order to be able to process and answer your query.

Why do we process this data?

Under Article 6 para 1(a) GDPR, we are allowed to process data that you enter into our contact form provided you have given your consent to such processing by clicking the “submit” button. If you enter any sensitive information containing special categories of data (e.g. racial or ethnic origin, political opinion, religion or beliefs, trade union membership, genetic or health status or sexual orientation) into the “message” field, you are giving your consent for this data to be processed. If you transmit this data to us by email, the legal basis is Article 6 para 1(f) GDPR. If you are also our customer, Article 6 para 1(b) GDPR also applies as a legal basis.

How long is the data stored for? Do I have to provide this data?

The data will be erased no later than 3 months after we receive your query, unless we are entitled or obliged to store the data for a longer period under statutory provisions in conjunction with Article 6 para. 1 (c) GDPR.

There is no obligation for you to provide this data, nor is it necessary for the conclusion of a contract with us. Use of the contact form requires an email address to be entered, however, because otherwise we will not be able to respond. If you enter any additional data, you do so on a voluntary basis.

4. Newsletters

If you have subscribed to one of our newsletters, we will process the data you provided when subscribing to the newsletter.

Why do we process your data?

We process your email address and your postal address for the purpose of regularly sending you our newsletter. Once you have subscribed to one of our email newsletters, we will send you an email with a confirmation link in order to verify your email address. The legal basis is the consent you gave to us when subscribing to the newsletter (Article 6 para 1(a) GDPR).

How can I unsubscribe from the newsletter? How long is the data stored for?

If you no longer wish to receive a particular newsletter, you can withdraw your consent to receiving the newsletter at any time without stating any reasons by sending an email to info[at]token-forge.io (for more information about the right to withdraw your consent, see V.).

The data which you provided when subscribing to the newsletter will be deleted without delay once you have withdrawn your consent or unsubscribed from the newsletter. If you are also our customer, partner or employee, this data may be retained for a longer period for other purposes, provided it is needed to perform a contract or employment contract, or is subject to statutory retention obligations.

Do I have to provide this data?

Our newsletter service is provided on a voluntary basis. However, we require your email address in order to send you our email newsletter, and to send you our newsletter by post we need your postal address. Further information is not required for receiving the newsletter. You are providing your name on a voluntary basis for the purpose of allowing us to address you personally.

5. Marketing and Sales Automation via HUBSPOT

We use HubSpot for marketing activities on our website. HubSpot is a software company from the USA with a branch office HubSpot Ireland Limited in 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.

We use this integrated software solution for our own marketing, lead generation and customer service purposes. This includes email marketing, which regulates the sending of newsletters and automated mailings, social media publishing and reporting, contact management such as user segmentation and CRM, landing pages and contact forms.

HubSpot uses cookies, small text files that are stored locally in the cache of your web browser on your end device and enable us to analyse your use of the website. HubSpot analyses the information collected (e.g. IP address, geographical location, browser type, duration of the visit and pages accessed) on our behalf so that we can generate reports on the visit and the pages visited.

Information collected by HubSpot and the content of our website is stored on the servers of HubSpot’s service providers. Insofar as you have given your consent to this in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, the processing on this website is carried out for the purpose of website analysis.

Since HubSpot may transfer personal data to affiliated companies and subcontractors in countries outside the EU and the EEA, further protective mechanisms are required to ensure the level of data protection required by the GDPR. For the USA, there is an adequacy decision of the EU Commission pursuant to Art. 45 para. 1 GDPR with regard to companies with certification under the EU-U.S. Data Privacy Framework. HubSpot, Inc. is certified according to the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link:

www.dataprivacyframework.gov/s/participant-search. For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, standard data protection clauses pursuant to Art. 46 para. 2 lit. c GDPR are also agreed. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.

The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected.

You can permanently object to the collection of data by HubSpot and the setting of cookies by preventing the storage of cookies through your browser settings. You can object to the processing of your personal data at any time with effect for the future.

III. What is the source of my data?

Generally speaking, we obtain your data from you. We do not process any data about you that originate from any other sources.

IV. Will my data be transferred to third parties?

We do not send any personal data of you to any third party that acts as a Data Controller. To provide our service we might use the service of Data Processors like the website hoster or an email provider. Any Data Processors will only process data under our instruction; they will not do so for their own purposes.

V. What rights do I have with respect to my data?

Under the provisions of Article 15 GDPR, you have the right to request information on whether we process your personal data and on which data we process. You have the right to request the rectification and completion of incomplete personal data pursuant to Article 16 GDPR. Under the provisions of Article 17 GDPR, you have the right to have your data deleted, or under the provisions of Article 18 GDPR, to have it made unavailable. Pursuant to Article 21 GDPR, you have the right to receive any data transmitted to us on the basis of consent or a contract, provided that the data is processed by automated means. If you wish, and if this is technically possible, we will transfer this data to a third party. In certain circumstances, your rights may be limited, or excluded, by law.

If we process data to safeguard our own interests exclusively on the basis of Article 6 para 1(f) GDPR, you have the right to object to your data being processed for reasons arising from your particular situation. Should you object, we will no longer process the data concerned unless we can demonstrate compelling legitimate grounds for the processing thereof, grounds which override your interests, rights and freedoms, or unless such processing serves for the enforcement of legal claims.

Furthermore, you may withdraw your consent to the use of your data for advertising purposes at any time without incurring any costs other than the cost of transmitting the notification at the basic rate. You have the right to object to being sent advertising emails at any time free of charge, for example by clicking on the unsubscribe button at the end of such an email. You also have the option to object by writing an unsubscribe(at)token-forge.io.

If you have given your consent to data processing, you have the right to withdraw that consent at any time. Withdrawing your consent will not affect the legality of processing until such withdrawal is received. You can object by writing an email to unsubscribe(at)token-forge.io. You can object by writing an email to unsubscribe(at)token-forge.io. Under 3.5, you may withdraw your consent to the use of marketing cookies at any time. Once your objection has been received, your data will no longer be processed. This shall not apply if we have the legal right or obligation to do so.

You have the right to lodge complaints in connection with data protection to a data protection authority, in particular to Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstr. 219, 10969 Berlin.