We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data is any data with which you can be personally identified.
1. Responsible party
The responsible party for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is DLC Distributed Ledger Consulting GmbH, Lange Reihe 73, 20099 Hamburg, Germany, phone: +49 40 88369186, e-mail: [email protected] The responsible party for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
2. Data encryption
For security reasons and to protect the transmission of personal data and other confidential content, such as orders or requests that you send to us as the responsible party, this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser line.
3. Data collection when visiting our website
3.1 In the case of merely informational use of our website, i.e. if you do not register or otherwise transmit information to us, we only process data that your browser transmits to our server (so-called “server log files”). In this case, we process the following data, which are technically necessary for us to display the website to you:
The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in ensuring and improving the stability and functionality of our website. A transfer or other use of the data does not take place. However, we reserve the right to check the server log files subsequently, should concrete indications point to an illegal use.
3.2 When you register for the newsletter or order our product, we collect the relevant information for this purpose. This includes, among other things, your e-mail address and/or, if you opt for our physical package, your postal address. For further data processing, we also use third-party software in this course, namely HubSpot, CleverReach and MailChimp, to which the data is transferred. The legal basis for this processing and transfer is your respective express consent (Art. 6 para. 1 lit. a GDPR). With service providers or third-party providers, we have each concluded a contract on data processing and, where required, the standard contractual clauses laid down by the EU Commission (hereinafter “standard contractual clauses”).
3.3 If you access our website via a QR code, we track this access in order to obtain various evaluations relating to customer behavior and interactions with our website. The legal basis for this processing is your explicit consent (Art. 6 para. 1 lit. a GDPR).
3.4 We also track the assignment of voucher and discount codes to individual users. We store which e-mail address (e.g. via newsletter) or which user name (social media) has received which voucher or discount code and by whom this code is used. If the voucher or discount code was shared via social media, we also track this. The legal basis for this processing is your explicit consent (Art. 6 para. 1 lit. a GDPR).
4. External hosting by Heroku
4.1 This website is hosted by an external service provider (hoster).
4.2 The host is Heroku Inc, a subsidiary of Salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany (hereinafter referred to as “Heroku”). Personal data collected on this website is stored on Heroku's servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.
4.3 Heroku is used for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR).
4.4 To ensure data protection-compliant processing, we have concluded an order processing agreement and standard contractual clauses with Heroku. You can view those here:
5.1 We use so-called cookies on various pages to make visiting our website more attractive and to enable the use of certain functions. These are small text files that are stored on your terminal device. Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies).
5.2 Other cookies remain on your terminal device and enable us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies). If cookies are set, they collect and process certain user information such as browser and location data as well as IP address values to an individual extent. Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie.
5.3 If personal data is also processed by individual cookies implemented by us, the processing is done in accordance with Art. 6 para. 1 lit. a GDPR on the basis of your express consent.
5.4 We may work with advertising partners who help us to make our website more interesting for you. For this purpose, cookies from partner companies are also stored on your hard drive when you visit our website (third-party cookies). If we cooperate with the aforementioned advertising partners, you will be informed about the use of such cookies and the scope of the information processed in each case before the processing begins and within the paragraphs below.
5.5 Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browsers under the following links:
Please note that if you do not accept cookies, the functionality of our website may be limited.
When contacting us (e.g. via contact form or e-mail), personal data is processed. Which data is processed in the case of a contact form can be seen from the respective contact form. The legal basis for the processing of the data is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 lit. f GDPR. If your contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
7. Social media profiles
7.1 We maintain publicly accessible profiles on social networks. The social networks used by us in detail can be found below. Social networks such as Facebook, Twitter, etc. can generally analyze your user behavior extensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presences triggers numerous processing operations relevant to data protection.
7.2 In detail: If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection is done, for example, via cookies that are stored on your end device or by recording your IP address.
Using the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are or were logged in.
Insofar as both the respective social media platform and we process your personal data, we are jointly responsible with the respective social media portal for data processing within the meaning of Art. 26 GDPR, insofar as a joint decision on data processing has actually been made and both the respective social media platform and we have an influence on the data processing. To the extent possible, we have entered into joint responsibility agreements with the social media platform pursuant to Art. 26 GDPR. In principle, you can assert your rights (right to information pursuant to Art. 15 GDPR, right to rectification pursuant to Art. 16 GDPR, right to erasure pursuant to Art. 17 GDPR, right to restriction of processing pursuant to Art. 18 GDPR, right to data portability pursuant to Art. 20 GDPR and right to complaint pursuant to Art. 77 GDPR) both against the respective social media platform and against us. Since we have no full control over the data processing, we will forward your request to assert your data subject rights to the social media portal if necessary. Our options depend largely on the corporate policy of the respective provider.
7.5 Social platforms in detail
Wir verwenden darüber hinaus die unter https://www.facebook.com/legal/terms/businesstools aufgeführten Facebook-Business-Tools, um Leistungen unserer Produkte und Dienstleistungen besser verstehen und messen zu können. Gleichzeitig können wir damit Personen, die unsere Produkte und Dienstleistungen nutzen oder daran Interesse haben, besser erreichen und diesen einen besseren Service bieten. Facebook erhält Daten der Business-Tools als Impressionen und Klickdaten (z. B. „Gefällt mir“-Angaben oder die Anzahl der Klicks auf den „Teilen“-Button), die durch soziale Plugins von Facebook und Facebook Login übermittelt werden, sowie Daten von bestimmten APIs, beispielsweise den Messenger-Kundenabgleich von der Send API oder aus bestimmten Pilot-, Test-, Alpha- oder Beta-Programmen, die Facebook von Zeit zu Zeit anbietet. Hierfür gilt der sog. „Zusatz für Verantwortliche“ (https://de-de.facebook.com/legal/controller_addendum), um die jeweiligen Verantwortlichkeiten für die Erfüllung der Verpflichtungen gemäß der DSGVO hinsichtlich der gemeinsamen Verarbeitung festzulegen. Wir sind verpflichtet, den Ihnen diese Informationen zur gemeinsamen Verantwortlichkeit mit Facebook bereitzustellen. Facebook ist für die Erfüllung der Rechte betroffener Personen gemäß der Art. 15–20 DSGVO hinsichtlich der von Facebook nach der gemeinsamen Verarbeitung gespeicherten personenbezogenen Daten verantwortlich. Die gemeinsame Verantwortlichkeit besteht bei der Erhebung oder dem Erhalt im Rahmen einer Übermittlung, hingegen nicht bei der weiteren Verarbeitung von sog. „Event-Daten“ (im Sinne der Ziffer 1. a. ii. der Nutzungsbedingungen für Facebook Business-Tools), die Facebook mittels der in unsere Websites integrierten Facebook-Social-Plugins und Einbettungsfunktionen für Inhalte erhebt oder im Rahmen einer Übermittlung erhält, um Inhalte und Werbeinformationen anzuzeigen, die den unterstellten Interessen der Nutzer entsprechen, oder kommerzielle bzw. transaktionsbezogene Nachrichten zu übermitteln oder die Anzeigenauslieferung und Personalisierung von Funktionen und Inhalten, insbesondere Werbeinformationen, zu verbessern. Wenn Facebook uns aggregierte und anonymisierte Messwerte, Analysen und Berichte bereitstellt, erfolgt dies nicht im Rahmen der gemeinsamen Verantwortlichkeit. Vielmehr wird Facebook in diesem Fall als Auftragsverarbeiter tätig.
The data collected about you will be processed by Facebook and may be transferred outside the European Union, which could make it more difficult to enforce your rights. To the extent that Facebook processes personal data as a (joint) controller, the standard contractual clauses set forth by the EU Commission (https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX%3A32004D0915). apply. To the extent Facebook processes personal data as a processor, the “Data Processing Terms and Conditions” available at https://www.facebook.com/legal/terms/dataprocessing/update and the “Facebook EU Data Transfer Addendum” available at https://www.facebook.com/legal/EU_data_transfer_addendum which also incorporates the standard contractual clauses for processors (without the illustrative optional clauses). The latter are available here: https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=CELEX%3A32010D0087.
You have the option to object to the processing of your data by Facebook under the following link: https://www.facebook.com/settings?tab=ads.
8.1 In order to process your order, we cooperate with the following service providers, which support us in whole or in part in the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information. The personal data collected by us will be passed on to the transport company commissioned with the delivery as part of the contract processing, insofar as this is necessary for the delivery of the goods. We pass on your payment data to the commissioned credit institution within the framework of payment processing, insofar as this is necessary for payment processing. If payment service providers are used, we will inform you explicitly about this below. The legal basis for the transfer of data is Art. 6 para. 1 lit. b GDPR.
8.2 To fulfill our contractual obligations to our customers, we work with external shipping partners. We pass on your name as well as your delivery address and, if necessary for the delivery, your telephone number to a shipping partner selected by us exclusively for the purposes of the delivery of goods Art. 6 para. 1 lit. b GDPR.
8.3 Use of payment service providers (payment services)
If you choose a payment method of the payment service provider Stripe, the payment is processed via the payment service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on your information provided during the ordering process together with information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 para. 1 lit. b GDPR. Your data will only be passed on for the purpose of payment processing with the payment service provider Stripe Payments Europe Ltd. and only to the extent necessary for this purpose. You can find more information about Stripe's data protection at the URL https://stripe.com/de/privacy.
9.1 The applicable data protection law grants you comprehensive data subject rights (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, which we inform you about below:
9.2 RIGHT OF OBJECTION
IF WE PROCESS YOUR PERSONAL DATA WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS. IF WE PROCESS YOUR PERSONAL DATA FOR THE PURPOSES OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF SUCH MARKETING. YOU MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
10. Duration of storage of personal data
10.1 Unless otherwise stated, the duration of the storage of personal data depends on the respective legal basis, the purpose of processing and – if relevant – additionally on any retention periods under tax and commercial law.
10.2 Your data will be stored by us after your express consent in accordance with Art. 6 para. 1 a GDPR until you revoke your consent. The lawfulness of the processing carried out on the basis of the consent until the revocation is not affected by this. If legal retention periods exist for the storage of your data processed during legal or quasi-legal obligations, this data will be routinely deleted after the retention periods have expired, provided that it is no longer required for processing for the fulfillment of a contract or contract initiation pursuant to Art. 6 para. 1 lit. b GDPR and/or there is no legitimate interest on our part in the continued storage pursuant to Art. 6 para. 1 lit. f GDPR.
10.3 Your personal data stored on the legal basis of processing to protect our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR will be stored for the duration of the existence of our legitimate interest or until you exercise your right to object pursuant to Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing is for the establishment, exercise or defense of legal claims.
10.4 Your data stored on a legal basis for the purpose of direct marketing pursuant to Art. 6 para. 1 lit. f GDPR will be stored for the duration of the existence of this purpose or until you exercise your right to object pursuant to Art. 21 para. 2 GDPR. Your stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed. This does not apply if the other information in this statement about specific processing situations indicates otherwise.
10.5 You are under no legal or contractual obligation to provide us with your personal data. However, it is possible that certain functions of our websites depend on the provision of personal data. If you do not provide personal data in these cases, this may result in functions not being available or only being available to a limited extent.