Data protection / Privacy Policy
Provision of information pursuant to Art 13 of the General Data Protection Regulation 2016/679/EU ("GDPR") regarding the processing of personal data in the context of visiting and using the website https://www.marcel-haas.com/ ("Website").
Thank you for your interest in our Website. The protection of your privacy is of high priority to us. Consequently, we only process your personal data on the basis of legal requirements set by the GDPR as well as other relevant legal provisions.
In general, you are not obligated to provide data due to statutory or contractual requirements. Data processed automatically when accessing the Website are either not personal data or are stored only for short periods (cf. point 6.1). However, if you decide to contact us via the contact options presented on the Website respectively in the course of this Data Protection Declaration, you have to provide us certain of your data being necessary for the processing of your respective request (cf. point 6.2). Furthermore, in cases where you wish to make use of further services offered via our Website (cf. point 6.3), you have to provide us any data deemed necessary for contract conclusion and execution in the respective case. Should you refuse disclosure of your relevant data for the respective purpose, we may not be able to process your request or render our services to you. The individual processing activities in the context of accessing and using our Website are highlighted in detail under point 6.
GlobalFintech Services EOOD
R-N Mladost,
Zapadna Industrial Zone Star Domostroitlen Kombi, ul.
"Usta Kolyu Ficheto",
9009 Varna,
Bulgarien
1. Definitions
Data protection laws are generally relevant in case any processing of personal data is concerned. The terms used within the scope of this Data Protection Declaration are defined in and by the GDPR. As such, the broad definition of processing (Art 4 item 2 GDPR) of personal data means any operation or set of operations performed on personal data. Any information allowing us or third parties to potentially identify you in person can be considered your personal data, which makes you a data subject (Art 4 item 1 GDPR) within this context.
3. Links to third-party sites
On our Website and in this Data Protection Declaration, we may use links to websites of third parties. If you click on one of these links, you will be forwarded to the respective website. For the operators of these websites, it is only evident that you have accessed our Website beforehand. However, please be aware that accessing third-party sites results in additional processing of your data in the sphere of the respective third party! Accordingly, we refer you, in general, to the separate data protection declarations of these websites.
4. Rights of the data subject
You may decide to exercise any of the following rights concerning our processing of your personal data at any time free of charge by means of a notification being sent to one of the contact options outlined under point 2; we shall then answer your request as soon as possible and within one (1) month at the latest (in exceptional cases, restrictions on these rights are possible, for instance, if otherwise the rights of third parties would be affected):
Access to and further information concerning your individual data processed by us (right of access, Art 15 GDPR);
Rectification of wrongly recorded data or data that have become inaccurate or incomplete (right to rectification, Art 16 GDPR);
Erasure of data which (i) are not necessary in light of the purpose of data processing, (ii) are processed unlawfully, (iii) must be erased due to a legal obligation or an objection to the processing (right to erasure, Art 17 GDPR);
Temporary restriction of processing under certain circumstances (right to restriction of processing, Art 18 GDPR);
Objection to any processing of your data being based on our legitimate interest (for definitions see point 6) on grounds relating to your particular situation or being executed for direct marketing purposes (right to object; Art 21 para 1 and 2 GDPR);
Transfer of your personal data which are processed for the performance of a contract or on the basis of your consent in a machine-readable format to you or directly to another controller upon request (right to data portability; Art 20 GDPR);
Right to lodge a complaint with a national supervisory authority in respect of our processing of your data (Art 77 GDPR).
5. Transfer of your data; recipients; transfer mechanism re international transfers
For the purposes executing the data processing activities as indicated in the course of this Data Protection Declaration, we may transfer your personal data to the following recipients or make them available to them:
Hetzner Online GmbH [Gunzhausen, Germany] (as our hosting provider – cf. point 6.1);
Volentio JSD Limited [England, UK] (as provider of a CDN service used in the context of our Website – cf. point 8.3.2);
Amazon Web Services [WA, US] (as provider of a CDN service used in the context of our Website – cf. point 8.3.2);
Google LLC [CA, US] (as provider of web fonts embedded into our Website – cf. point 8.3.1).
Some of the mentioned recipients are respectively their server landscape is located outside of the EU/EEA, or they use (further) processors to render their services to which this applies. Possible transfers of your data within this context into the legal sphere of such third parties are based on the following transfer mechanisms:
Volentio JSD Limited – adequacy decision of the EU Commission in the sense of Art 45 GDPR concerning the UK;
Amazon Web Services, Inc.; Google LLC – respective company's certification according to the "EU-US Data Privacy Framework" pursuant to the adequacy decision of the EU Commission in the sense of Art 45 GDPR concerning the US (cf.: https://www.dataprivacyframework.gov/list).
6. Data processing operations
In the subsequent section, data processing operations that may occur when accessing or using our Website are described in detail. Within this context, we provide you with information on the essential elements of each data processing operation, namely (a) type and extent (when and how), (b) purpose (why) as well as (c) the storage period of your data (how long). Moreover, we inform you about the legal basis which we use to justify the respective data processing operation as required by the GDPR.
6.1. Processing of traffic data; server log files
(a) Type and extent of data processing: You can visit our Website without providing any personal information. However, out of technical necessity, so-called "traffic data" are processed automatically when a website is accessed. Within this context, in particular, the following categories of traffic data can be transferred to the server that is requested to provide a respective website or file:
Implicit access data (automatic, inevitable and unsolicited transmission): IP address used, user agent (browser type/version used), accessed site (URL), previously visited website (referrer URL), time of the access request, language settings.
Implicit access data (transmission where provided for in the source code of the respective service): screen resolution, colour depth, time zone, touchscreen support, browser plugins.
Traffic data will be stored by us in so-called "server log files". Hosting provider of our Website is Hetzner Online GmbH (cf. point 5). Traffic data may also be transferred to providers of third-party services embedded into our Website (cf. point 8.).
(b) Legal basis and purpose: The purpose of this data processing operation is to establish and maintain technical security with regards to our Website. The processing is based on our legitimate interest (Art 6 para 1 lit f GDPR; for the "right to object", see point 4) in achieving the mentioned purpose.
(c) Storage period: Server log files are stored as long as they are necessary for the abovementioned purpose and subsequently erased (usually 1 month).
6.2. Contacting
(a) Type and extent of data processing: When contacting us via the contact details provided on our Website (e.g., in the imprint), we will use your data as indicated in order to process your contact request and deal with it. Certain additional information may be provided voluntarily. The data processing involved is necessary to issue a response in respect of your request.
(b) Legal basis and purpose: Purpose of the data processing is to enable us an exchange with users of the Website respectively our customers. We answer your request on the basis of our legitimate interest (Art 6 para 1 lit f GDPR; for the "right to object" see point 4) in maintaining a properly functioning contact system, which is a prerequisite for the provision of any services. As far as your request is based on an existing contractual relationship with us or you are interested in establishing said contractual relationship, the processing is based on the performance of the corresponding contract, or on taking steps prior to entering into a contract with you at your request (Art 6 para 1 lit b GDPR).
(c) Storage period: We delete your requests as well as your contact data if the request has been answered conclusively if the data must not be further processed for different purposes (e.g., for the fulfilment of legal documentation obligations).
6.3. Services offered via the Website; customer account
(a) Type and extent of data processing: Our Website is designed to tailor our entrepreneurial service offerings to your needs. Should you decide to use the services we offer (e.g., token purchases), we will need to process certain data from you that is necessary for contract execution and performance – this may require the creation of a customer account. If you participate in our customer programs, this includes the processing of your data according to the respective program conditions and necessities. Additionally, we may process customer identification data according to point 6.4.
(b) Legal basis and purpose: Processing of your data within the context of our service range serves the purpose that we can pursue our business activity and provide our services accordingly; it is necessary for the performance of the respective contract concluded with you respectively to take steps at your request prior to entering into a contract (Art 6 para 1 lit b GDPR).
(c) Storage period: We will store your data for the duration of the respective customer relationship (dependent upon the individual services rendered) and subsequently erase your data if they must not be further processed for different purposes (e.g., for the fulfilment of legal documentation obligations).
6.4. Customer identification to prevent money laundering and terrorism financing
(a) Type and extent of data processing: If you wish to purchase specific products or services through our Website, we may additionally collect data from you based on the "Know-Your-Customer" principle in accordance with the relevant regulations to prevent money laundering and terrorist financing. For this purpose, at the inception of the contractual relationship, we collect data to particularly establish your unique identity (cf. the corresponding subscription form for data collection).
(b) Legal basis and purpose: We process your data in this context to establish customer identity and assess the transaction – depending on the product or service – on the basis of our corresponding legal obligation (Art 6 para 1 lit c GDPR) or – in the absence of a specific obligation – on the basis of our legitimate interest (Art 6 para 1 lit f GDPR), which consists of making a valuable contribution to preventing abuse and fraud, particularly with regard to preventing money laundering and terrorist financing (for the "right to object", see point 4).
(c) Storage period: The data processed in this regard will be stored for the duration of the respective legal retention requirement, unless they need to be further processed for other designated purposes (data from voluntary "Know-Your-Customer" checks for a period of five [5] years). Longer retention periods may arise from expactable legal claims. All Data is delete by the time the KYC operator approves the request.
6.5. Functional third-party implementations
(a) Type and extent of data processing: Due to third-party software/services which used in the context of our Website, additional data processing activities may be initiated for different purposes. The specific services and their functionality are briefly described under point 8.2; further information can be found in detailed descriptions under point 8.3.
(b) Legal basis and purpose: Within the framework of the respective service, we use collected data in order to improve our services or make them more attractive or secure The relevant legal basis is stated in the description of the respective service.
(c) Storage period: We store generated data in accordance with the requirements and possibilities stipulated by the relevant service for as long as it is necessary to fulfil the respective processing purpose.
7. Cookies
On our Website, we use cookies being technically necessary and essential (i.e., necessary cookies, see below) for its proper functioning and process your data on the basis of our accompanying legitimate interest (Art 6 para 1 lit f GDPR), as far as personal data are involved (for the "right to object", see point 4).
Cookies are small data sets that are stored on your end device by your respective browser. They are placed by a web server and sent back to it as soon as a new connection is established in order to recognise the user and his settings. In this sense a cookie assigns a specific identity consisting of numbers and letters to your end device. Cookies can fulfil different purposes, e.g., helping to maintain the functionality of websites with regard to state of the art functions and user experience. The actual content of a specific cookie is always determined by the website that created it. Cookies always contain the following information:
Name of the cookie;
Name of the server the cookie originates from;
ID number of the cookie;
An end date at the end of which the cookie is automatically deleted.
Cookies can be differentiated according to type and purpose as follows:
Necessary cookies: Technically necessary (also: essential) cookies are required for the proper functioning of websites by enabling basic functions, such as site navigation and access to protected areas. Without such cookies, a website regularly fails to be fully functional. Necessary cookies are always first-party cookies. They can only be deactivated in the settings of your browser by rejecting all cookies without exception (see below).
Other types of cookies: Cookies not being technically necessary in the described manner can serve different purposes and be classified accordingly (e.g., "analytics cookies" to analyse user behaviour and create statistics, "marketing cookies" to track users across websites to display personalised advertisements, "plugin cookies" used in the course of embedding third-party services into a website).
With regard to the storage period cookies can be further differentiated as follows:
Session cookies: Such cookies will be deleted without any action on your part as soon as you close your current browser session.
Persistent cookies: Such cookies (e.g., to save your language settings) remain stored on your end device until a previously defined expiration date or until you have them manually removed.
Furthermore, cookies may be differentiated by their subject of attribution:
First-party cookies: Such cookies are used by ourselves and placed directly from our Website. Browsers generally do not make them accessible across domains which is why the user can only be recognised by the page from which the cookie originates.
Third-party cookies: Such cookies are not placed by the website operator itself, but by third parties when visiting a specific website, in particular, for advertising purposes (e.g., to track surfing behaviour). They allow, for example, to evaluate different page views as well as their frequency.
Most browsers automatically accept cookies. You have the option to customise your browser settings so that cookies are either generally declined or only allowed in certain ways (e.g., limiting refusal to third-party cookies). However, if you change your browser's cookie settings, our Website may no longer be fully usable. Via the browser settings, you also have the option to delete the entirety of cookies already stored on your end device.
Specifically, we use the following cookies:
8. Third-party services
8.1. General explanations
Purpose of processing: In order to make our Website more secure, optimise it for its intended purposes, provide necessary or useful functions in regards to an economically viable pursuit of our business activity as well as to make available services to users that are usually expected in our line of business, we utilise a variety of services on our Website which are rendered by third-party service providers and subsequently described below.
Necessary processing: From a purely technical perspective, certain traffic data are transferred when visiting any website, and may be transferred to implemented services as well (cf. point 6.1). Any such transmission of traffic data that is technically necessary is based on our legitimate interest (Art 6 para 1 lit f GDPR) in integrating the respective services with adequate effort into our Website (for the "right to object", see point 4). Any further use of traffic data within this context is grounded on a separate legal basis pursuant to the specific information provided below.
8.2. Overview and brief summary
Subsequently, you can find a brief summary of services used as well as accompanying basic legal information. If you press on the name of one of the services, you will be transferred to the data protection declaration of the respective service provider. Please be aware that accessing third-party sites results in additional processing of your data in the sphere of the respective third party (cf. point 3). For further information of the respective recipients of your data within that context, please cf. point 5.
8.3. Individual third-party services
8.3.1. Google Fonts
On our Website, we use digital fonts provided by Google LLC (CA, US), namely "Google Fonts", as they are optimised for websites and allow us to save bandwidth. This leads to reduced loading times for the Website (using Google's respective CDN [cf. point 8.3.2]) as well as to a uniform appearance on all common browsers and end devices. Due to our use of Google Fonts, your traffic data (cf. point 6.1) will be transferred to Google servers when accessing the Website.
Utilisation of Google Fonts is based on our legitimate interest in realising an appealing and uniform web appearance (Art 6 para 1 lit f GDPR; for the right to object, see point 4). Data processing follows the purpose of making our Website more appealing to potential users. Google Ireland acts as independent controller of any transferred data in this regard, using them for analysis purposes. For further information on data usage by Google Ireland and affiliated companies as well as your options in terms of settings and objection, please review the data protection declaration of Google under https://policies.google.com/privacy?hl=en. More information on Google Fonts specifically can be found at https://developers.google.com/fonts/faq.
8.3.2. Content Delivery Networks
On our Website, we use so-called Content Delivery Networks ("CDN"). A CDN operates by duplicating elements of websites and storing them on servers distributed across various locations, or by loading specific types of content, such as images or other media (storing and distributing only the designated content types). This distribution minimizes the risk of server overload by spreading the load across multiple points. Additionally, CDN enhance website accessibility speed by serving content from the closest and fastest server to each user's location. This architecture ensures efficient delivery of website content, optimizing the user experience. Due to our use of CDN, your traffic data (cf. point 6.1) will be transferred to servers of the respective provider.