(Version: July 2019)
What is Personal Data?
Personal data (“data”) is processed by us only within necessary scope and for the purpose of providing a functional and user-friendly Internet presence, including contents and the services offered there.
‘Processing’ of data means any operation or set of operations which is carried out with or without the aid of automated processing and which involves personal data, such as collection, recording, organisation, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or integration, limitation, erasure or destruction.
The legal basis for data protection can be found, in particular, in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46/EC (“General Data Protection Regulation”, GDPR), as well as in the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and the Telemedia Act (Telemediengesetz, TMG).
Responsible for data processing is:
Hill Dickinson Llp, The Broadgate Tower, 20 Primrose Street, London, EC2A 2EW, United Kingdom
registered with the Register of England and Wales under the company number 09366948
represented by the managing directors Meinhard Benn, Alexander Wilke
The entity responsible for data processing is the natural or legal person who on its own or jointly with others decides on the purposes and means of processing personal data (e.g. names, email addresses).
Scope of Data Processing
The data is processed by us within the framework of our services on the website https://satoshipay.io (“Website” or after successful registration also “Service”) or for the purposes of the provision of software and hardware by third parties.
Our Service or the necessary processing of data for such is described in more detail in the applicable contracts General Terms and Conditions of SatoshiPay Ltd for the Delivery of Digital Content or General Terms and Conditions of SatoshiPay Ltd for the Purchase of SatoshiPay Coupons (link). The data processing by the content providers is described in more detail in the Framework Agreement for Digital Content (link).
We process contact information, usage data or other information that you provide to us.
We process your personal data for the following purposes:
- Communication or storage/processing of data in order to establish, execute and/or process a contractual relationship (also verbally) with you (legal basis: Art. 6 para. 1 lit. b. GDPR);
- Compliance with legal obligations (e.g. commercial or tax retention obligations) (legal basis: Art. 6 para. 1 lit. c. GDPR);
- Assertion, exercise and defence of legal claims (legal basis: Art. 6 para. 1 lit. f. GDPR), whereby our legitimate interest lies in the assertion of legal claims and defence in legal disputes;
- With your consent for the purposes mentioned when granting it (legal basis: Art. 6 para. 1 lit. a. GDPR or Art. 9 para. 2 lit. a. GDPR for special categories of personal data); or
You provide us with data insofar as this is necessary for the aforementioned purposes. Failure to provide the data may have legal disadvantages for you, such as the loss of legal positions, for example no response to your inquiry.
Furthermore, we have taken technical and organisational measures to ensure that the data protection regulations are observed both by us and by external service providers.
You have the following rights:
- the right of access,
- the right to rectification or deletion,
- the right to restriction of processing,
- the right to data portability,
- the right to withdraw a consent given by you.
- You also have the right, for reasons related to your particular situation, to object at any time to the processing of your personal data pursuant to art. 6 par. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.
To exercise your above mentioned rights you can contact firstname.lastname@example.org.
You also have the right to file a complaint with a data protection supervisory authority about the processing of your personal data by us (e.g. for Berlin to the Berlin Commissioner for Data Protection and Freedom of Information, email: email@example.com).
Storage and Deletion of Data
In general, we store your personal data only as long as it is necessary for the execution of the contract or the respective purpose and limit the storage period to an absolutely necessary minimum.
We or the third party providers used will further delete the data in accordance with the following criteria: Time schedule and handling of a request, default settings of the third party provider, etc. We also store your data if we are obliged to do so in accordance with statutory retention periods (e.g. in accordance with the German Commercial Code (Handelsgesetzbuch, HGB) or the German Tax Code (Abgabenordnung, AO)). In order to preserve evidence, we may also store data within the framework of the statute of limitations, whereby these statutes of limitations according to section 195 seq. of the German Civil Code (Bürgerliches Gesetzbuch, BGB) generally amount to three years and begin to run at the end of the year in which the claim arose.
Contact, Contact Form and Emails
If you write to us via the Website using the contact form, send an email or otherwise contact us, your details from the respective enquiry, including the contact data, name and email address you provided there or any other data you provided, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. This data will only be processed with your consent (legal basis Art. 6 para. 1 lit. a. GDPR) or on the basis of an initiating or existing business relationship with us (legal basis Art. 6 para. 1 lit. b. GDPR).
For the contact form on our Website, we use the service by “Hubspot”.
With our newsletter we inform you about us and our services.
All you need to register for the newsletter is your email address. If you register for the newsletter, your email address will be transmitted to us (or our mail provider) and stored there. After registration you will receive an email to confirm your registration (‘double opt-in’). The following data will be processed when you register for the newsletter:
Contact data (email address, name if applicable), device data (device name, country code if applicable, language, name of operating system and version), connection data (IP address, mail provider)
This storage serves as proof in the event that a third party misuses an email address and registers for receiving the newsletter without the knowledge of the authorised party.
The data processing necessary for sending the newsletter is based on your consent (legal basis Art. 6 para. 1 lit. a. GDPR).
OPT-OUT/WITHDRAWAL: You can withdraw your consent to the processing of data for the purpose of sending the newsletter at any time. The opt-out can take place via a link, which is contained in each newsletter, or by separate message to us. You will not incur any costs other than the transmission costs according to the basic tariffs.
DATA PROCESSING WHEN VISITING THE WEBSITE
Visiting the Website
We (or the web space provider) collect data about each visit to our Website (so-called server log files). These data include:
Name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, operating system, referrer URL (the previously visited page), IP address and the requesting provider
And additionally when using a mobile device (if necessary):
Country code, language, device name, name of operating system and operating version
We use these access data for statistical evaluations for the purpose of optimising our Website and for reasons of data security in order to guarantee the stability and operational safety of the Website. If personal data (such as the IP address) is stored, this is done on the legal basis of Art. 6 para. 1 lit. c. GDPR or Art. 6 para. 1 lit. f. GDPR due to our legitimate interest of quality assurance.
Our Website partly uses so-called cookies. Cookies do not damage your end device and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your device and saved by your browser.
Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. The session cookies are needed to match successive page views to the respective visitors of the website who simultaneously access our Website. Other cookies remain stored on your device until you delete them. These cookies allow us to recognize your browser on your next visit.
OPT-OUT: You can set up your browser in a way that you are informed when cookies are set and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or generally, and activate automatic deletion of cookies when you close your browser. You can manage many online ad cookies from companies via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/uk/your-ad-choices/. We would like to point out that deactivating cookies may limit the functionality of this Website.
browser type/version; operating system used; referrer URL (previously visited page); host name of accessing computer (IP address); time of server inquiry when using the website
are generally transmitted to and stored by Google on a server in the United States, whereby – due to the activation of IP anonymization on the website – the IP address is previously abbreviated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. The full IP address will therefore not be transmitted to and truncated by Google on servers in the United States. IP anonymization is active on the Website. Google will use this information on our behalf to evaluate the use of the Website, to compile reports on website activity and to provide us with other services relating to the use of the Website and the internet.
OPT-OUT: In addition, you can prevent Google from collecting the data generated by the cookie and related to your use of the website (including the IP address) and from processing this data by Google by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de=en.
Google LLC is certified according to the ‘Privacy Shield’ agreement between the European Union and the USA and thus guarantees compliance with European data protection regulations (see: https://www.privacyshield.gov/). For users who are habitually resident in the European Economic Area or Switzerland, Google Ireland Limited is the data controller for your data, unless otherwise stated in the privacy notices of a particular service. Google Ireland Limited is therefore the company affiliated with Google that is responsible for processing your data and complying with applicable data protection laws.
For the operation of the Website we use the third party service Hubspot, which analyzes and classifies requests via the contact form on the Website on our behalf (see: https://legal.hubspot.com/dpa). Hubspot is a software company based in the USA (HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA) with EU-headquarter in Ireland (HubSpot, Ground Floor, Two Dockland Central Guild Street, Dublin 1, Ireland).
If this function is approved and used, the following data will be transmitted to Hubspot’s servers:
Content of all messages sent and received via the contact form, context information, and, if applicable, email address or other contact information (if provided).
Hubspot is certified in accordance with the ‘Privacy Shield’ agreement between the European Union and the USA and thus guarantees compliance with European data protection regulations (see: https://www.privacyshield.gov/).
If you do not wish Hubspot to process your data, we recommend that you contact us in another way (e.g. by email) instead of using the contact form.
OPT-OUT: If you do not wish Hubspot to collect your data, you can prevent the storage of cookies at any time using your browser settings or contact Hubspot directly by e-mail at firstname.lastname@example.org or by post at HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA, Attention: Privacy.
DATA PROCESSING WHEN USING OUR SERVICES FOR USERS OR CONTENT PROVIDERS
Use of the Service as a user for the acquisition and use of digital vouchers (SatoshiPay coupons) or the delivery of digital content from third parties (content providers) using a widget
In order to be able to use our Service for users (consumers or entrepreneurs), the user is required to enter certain information via a widget displayed on our website or a third party website (widget = clickable element on a website or mobile page for interaction with the user). We request and process, among other things, contact data and usage and traffic data for the purpose of purchasing and using digital vouchers (SatoshiPay coupons) or delivering digital content from third parties (content providers).
The data processing for the purpose of the offer for users is described in detail in the underlying contracts General Terms and Conditions of SatoshiPay Ltd for the Delivery of Digital Content or General Terms and Conditions of SatoshiPay Ltd for the Purchase of SatoshiPay Coupons (link).
Thereby, among other things,
- Contact data (email address) of the user are processed for the purpose of logging in to their user account;
- Data for the performance of the transactions (transaction data) in order to execute the payment process are stored in a pseudonymized way in a blockchain and processed;
- Transaction data are stored and processed for billing and monitoring purposes;
- Contact and content data (email address, enquiries) for enquiries to our customer service are stored and processed by us or the provider we use, Zendesk (link).;
- traffic data (from which page the user comes, time of the request or sequence of requests via the browser, etc.) are collected, stored and processed to combat fraud and improve our services;
- location data (IP address) are processed for the correct collection of sales tax.
The processing of the data when using our Service for users is usually carried out on the legal basis of Art. 6 para. 1 lit. b. GDPR based on the incipient or existing contractual relationship with us. We also process user data on the basis of our legitimate interests in preventing fraud and improving our Service (legal basis: Art. 6 Para. 1 lit. f. GDPR).
No processing of payment data by us when using the Service
When topping up the available credit for the use of the Service, for example by credit card or Paypal, your payment data are not processed by us, but exclusively by the respective payment provider. For this purpose you are referred from our Website to the webpages of the respective payment provider, where payment data is collected and processed.
Use of the Service as a content provider (companies)
In order to be able to use our Service for content providers (companies), a registration via our Website is necessary. The contact data (email address), content, usage and traffic data are requested and processed by us.
For or after successful registration as a content provider, data is processed for the purpose of offering content to content providers, as described in more detail in Framework Agreement for Digital Content (link). We process contact and content data for the use of the Service as well as traffic data (time of the inquiry and/or sequence of the inquiries via the browser etc.) for fraud prevention and improving our products. We process location data (IP address) for the correct collection of sales tax. For the activation of higher turnover limits for content providers, further documents and information are collected (e.g. address, bank data, identification documents, address verification documents, certificate of incorporation, tax registration documents, telephone number, name of contact person, social media account names). A public blockchain payment address is collected for the payment of the turnover and the corresponding data for the execution of the transactions (transaction data) is stored by us.
The processing of the data when using our Service for content providers is usually happens on the legal basis of Art. 6 para. 1 lit. b. GDPR based on the incipient or existing contractual relationship with us. We also process the data on the basis of our legitimate interests in fraud prevention and improving our services (legal basis: Art. 6 para. 1 lit. f. GDPR). Insofar as we are subject to money laundering or other legal obligations, we also process the data on the basis of the legal obligation to do so (legal basis: Art. 6 para. 1 lit. c. GDPR). Data processing by us may also be carried out on the basis of the respective consent of the data subject (legal basis: Art. 6 para. 1 lit. a., 9 para. 2 lit. a. GDPR).
TRANSFER OF DATA TO THIRD PARTIES, DATA PROCESSING INSIDE AND OUTSIDE OF THE EU
As a matter of principle, we only pass on your data to third parties if you have given your consent (or if there is any other legal basis) or if we are legally obliged to do so. For the purposes of data processing listed here, we use third-party providers who process your data within and outside the EU. You can also contact us at email@example.com for further information.
We use the following third parties who process data in the EU and possibly also in other EU countries:
|Third Party||Purpose / Activity||Further Information||Data processing inside and outside the EU and safeguard measures taken|
|HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA) with EU headquarters in Ireland (HubSpot, Ground Floor, Two Dockland Central Guild Street, Dublin 1, Ireland)||analysis of contact requests||https://legal.hubspot.com/de/privacy-policyhttps://legal.hubspot.com/de/cookie-policy||The data is processed on servers in the EU and the USA. HubSpot, Inc. is certified according to the EU-US Privacy Shield, which guarantees compliance with a data protection process that complies with EU regulations. More information: https://www.privacyshield.gov|
|AWS (inter alia Amazon Web Services, Inc., P.O. Box 81226, Seattle, WA, USA)||server/cloud services||https://aws.amazon.com/privacy/https://legal.hubspot.com/dpa||The data is processed on servers in the EU.Amazon Web Services, Inc. is certified according to the EU-US Privacy Shield, which guarantees compliance with a data protection process that complies with EU regulations. More information: https://www.privacyshield.gov|
|Google (inter alia Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC, Mountain View, CA, USA)||Google Analytics; Google Cloud (Server/Cloud services)||http://www.google.de/policies/privacy/, https://cloud.google.com/terms/data-processing-terms, https://support.google.com/analytics/answer/3379636?hl=de||The data is processed by the Google Cloud on servers in the EU (and anonymized in the USA, see above Google Analytics). For users who have their usual place of residence in the European Economic Area or Switzerland, Google Ireland Limited is the responsible party for your data, unless otherwise stated in the privacy notices of a particular service. The US company (Google LLC) processes the data in the USA and is certified in accordance with the EU-US-Privacy-Shield agreement, which guarantees compliance with data protection regulations in the EU. More information: https://www.privacyshield.gov|
|Zendesk (inter alia Zendesk, Inc., 1019 Market Street, San Francisco, CA 94103, USA)||customer service||https://www.zendesk.de/company/customers-partners/eu-data-protection/||The data is processed on servers in the EU and the USA. Zendesk, Inc. is certified according to the EU-US Privacy Shield, which guarantees compliance with a data protection process that complies with EU regulations. More information: https://www.privacyshield.gov|
If we (SatoshiPay Ltd) process data outside the EU due to the termination of EU membership (“Brexit”), we will do so on the basis of so-called EU standard contractual clauses, which guarantee compliance with the corresponding data protection in the EU (see: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en_en). We will inform you separately about details or - if necessary - provide a separate agreement.