Data Policy

PRIVACY NOTICE

First Coin GmbH (“First Coin”, “we”, “us”, “our”) protects your privacy and your private data. The protection of personal data is important to us. First Coin collects, processes and uses your personal data in accordance with applicable European and German data protection laws. This includes, in par-ticular, the EU General Data Protection Regulation (“GDPR”), the German Federal Data Protection Act (“BDSG”) and – where applicable – the Telecommunications Telemedia Data Protection Act (“TTDSG”).

With this privacy policy (the “Privacy Policy”), we inform you about how we handle data in connection with our online presence at www.firstcoin.de that can be personally related to you, e.g. name, address, e-mail addresses, but also information about your visit to and use of our website.

We collect your personal data for clearly defined purposes. The details of this are set out below. If we intend to process your data for other purposes in the future, we will provide you with the relevant information in good time beforehand.

1. Controller
The responsible party for the collection and processing of your personal data within the meaning of Article 4 No. 7 of the EU General Data Protection Regulation (Regulation (EU) 2016/679 (” GDPR “)) is.

First Coin GmbH
Address: Neue Mainzer Str. 46-50
60311 Frankfurt am Main
E-mail: hello[at]firstcoin[dot]de
Phone: +49 69 34868353 0

Further information about us can be found in the imprint.

2. Obligation to provide data
Unless otherwise indicated on our website (usually by an asterisk and an explanation that the fields marked in this way are mandatory), the provision of your personal data is neither legally nor contrac-tually required. However, without the provision, the service and functionality of our website are not guaranteed. In addition, individual services and services may not be available or may be limited.

3. Purposes of data processing, information on the legal basis and on recipients of the data

3.1 Visiting our website
In order to provide our services via our website and to ensure their functionality, the web server au-tomatically records your visit in so-called server log files when you visit our website. This usually in-volves processing the following data: the IP address of the requesting computer, the scope of the data transfer (amount of data), the date and time of the request, the duration of your stay on the website, the location from which you retrieve data from our website, connection data and sources, browser type and version (browser fingerprint), information on the operating system of the end device used, referrer query (i.e. from which website the access is made, as well as the URL of the website previously visited by you.

Purpose
This data is processed for the purpose of providing our website and for statistical analysis, as well as for the purpose of identifying and tracing unauthorized access to the web server and other criminal offenses.

Legal basis and legitimate interest
The legal basis for this data processing is the execution of the usage contract with you regarding the use of our website, Art. 6 para. 1 sentence 1 lit. b GDPR.

Recipients
Recipients of the data are our IT service providers within the framework of order processing.

Option to object
The data processing is necessary for securing and operating the website. You exercise your objection by no longer visiting our website.

3.2 General information about cookies
Cookies are small text files that can be used to identify the user’s end device. When you use our web-site, cookies are stored on your end device. Cookies can transmit information from our web server or web servers of third parties to the user’s web browsers, which are stored there for later retrieval. A cookie usually contains the name of the domain from which the cookie data was sent, information about the age of the cookie and an alphanumeric identifier.

Purpose
We use cookies to ensure the proper functioning of our website and to optimize your website experience.

Legal basis and legitimate interest
The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interests are the technical provision and guarantee of the operation of our website and IT security, as well as the optimization of the presentation of our offer and direct marketing measures.

The legal basis for the processing of personal data in connection with website personalization, the personalization of our advertising measures, tracking and re-targeting is Art. 6 para. 1 sentence 1 lit. a GDPR, insofar as you have given your consent in this regard via our cookie consent management tool when visiting our website.

We process your data on the basis of your consent until you revoke your consent. If we receive such a revocation from you, we may store your data together with an advertising block. In this way, we ensure that you will not receive any further advertising from us. The legal basis for storing the adver-tising blocking notice is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest is to ensure for us that we duly take your advertising block into account in the future.

Recipients
In addition to the individual transfers described below, we pass on your data to our marketing and IT service providers strictly for the intended purpose – if at all necessary – and only to the extent re-quired as part of order processing.

Option to revoke and object
Insofar as the data processing is based on the legal basis Art. 6 para. 1 sentence 1 lit. a GDPR, you have the right to revoke your consent at any time. You can do this by withdrawing your consent via our cookie consent management tool.

If the legal basis is Art. 6 (1) p. 1 lit. f GDPR, you can object to the data processing. You can exercise your right to object by being able to configure your browser according to your wishes, for example, so that no cookies from third-party providers (so-called third-party cookies) or no cookies at all are stored or a notice always appears before a new cookie is created. In addition, cookies that have al-ready been stored can be deleted at any time via the browser.

You can find out how to configure cookies for the most common browsers by following the links below:
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen.
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en.
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/13.0/mac/10.15.
Opera: https://help.opera.com/de/latest/web-preferences/#cookies.

3.3 Provision and presentation of the website

3.3.1 jQuery
For the graphically appealing design of our website, we use the JavaScript library jQuery and for this purpose the jQuery Content Delivery Network (CDN) of StackPath LLC, 2021 McKinney Ave, Suite 1100, Dallas, TX 75201, USA (“StackPath”). This library is self-hosted.

Purpose
We do this to increase the loading speed of the jQuery libraries when our website is accessed and to ensure the stability of our website.

Legal basis
The legal basis for the aforementioned data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest is to create a web presence that is as appealing as possible and can be called up quickly, as well as to maintain the stability of our website.

Option to object
You can prevent the execution of the Java Script code by installing a Java Script blocker.

3.3.2 Google Analytics
We use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland (“Google”) to analyze traffic on our website. The web analytics service collects, among other things, data about the referrer URL (the website from which a visitor came), which subpages were visited or how often and how long a subpage was visited. The web analytics service is mainly used to optimize a website and for cost-benefit analysis of internet advertising. Google will also use this information for the purpose of evaluating your use of the website, compiling reports on website activity for us and providing other services relating to website activity and internet usage. We use Google Analytics with the extension “_anonymizeIp()” so that, as a rule, your IP address is shortened by Google within Member States of the European Union or in other contracting states to the Agreement on the Euro-pean Economic Area before being transmitted to Google. Only in exceptional cases will the full IP ad-dress be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Purpose
We do this to evaluate the use of our website and to create reports so that we can further optimize our online presence.

Legal basis
Our legitimate interest in data processing also lies in these purposes. The legal basis for the use of Google Analytics is Art. 6 para. 1 sentence 1 lit. f DS-GVO.
Recipients / transmission to a third country
The (pseudonymized) information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. Please note our information under sec-tion 3 for data transfers to so-called third countries.

Storage period
The deletion of data whose retention period has been reached takes place automatically once a month. For more information on terms of use and data protection, please visit https://www.google.com/analytics/terms/de.html, or https://policies.google.com/?hl=de.

Option to object
You can prevent the storage of cookies by selecting the appropriate settings in your browser soft-ware or by deactivating the use of Google Analytics with regard to your personal data in the consent management tool contained on our website.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by down-loading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. Opt-out cookies prevent the future collection of your data when visiting this website. To prevent the collection across different devices, you must perform the opt-out on all systems used.

3.3.3 Google Fonts
We use Google Fonts from Google on our website. Google Fonts is a font directory. Google fonts are automatically optimized for the web, which, especially when using mobile devices, adapts the display of the website to the devices and also ensures a fast loading time. When you visit our website, the fonts are loaded via a Google server. Through this external call, data (IP address, language settings, browser screen resolution, browser version and browser name) are transmitted to the servers oper-ated by Google.

Purpose
We use Google Fonts for the appealing presentation of our website. In addition, we use Google Fonts to improve the loading speed of our website.

Legal basis
The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. The legitimate interest re-sults from the optimization of the presentation of our website.
Recipients / transmission to a third country
Through the use of Google Fonts, your data is transmitted to Google and, under certain circumstanc-es, data is also transmitted to the USA. The transfer is secured by a data processing agreement and the conclusion of the EU standard contractual clauses, which in individual cases allow a transfer to so-called third countries outside the EU. Information on data protection at Google can be found here https://policies.google.com/privacy.

Option to object
You may refuse the use of Google Fonts by selecting the appropriate settings on your browser, how-ever please note that if you do this you may not be able to use the full functionality of this website. You can also object to the use of Google Fonts after accessing this website for the first time by click-ing the corresponding button in our cookie content management tool.

3.3.4 Google reCAPTCHA
We use reCAPTCHA technology of Google. Through this service, Google can determine from which website a request is sent as well as from which IP address you use the so-called reCAPTCHA input box. reCAPTCHA places a cookie in your browser when executed and creates a screenshot of your browser window. In addition to your IP address, information about other Google cookies set in your browser within the last six months, information about language settings, the date, installed plug-ins and all JavaScript objects are collected by Google in the United States of America, which are necessary for the offer and guarantee of this service. Due to this information transfer, it cannot be excluded that cross-device tracking takes place at the same time.

Purpose
In some areas of our website, we use Google reCAPTCHA to check and prevent interactions on our website by automated accesses, e.g. by so-called bots. The tool is primarily used to distinguish whether entries are made by natural persons or, if applicable, abusively by machine and automated processing.

Legal basis and legitimate interest
We process your data on the basis of our legitimate interest pursuant to Art. 6 (1) p. 1 lit. f GDPR. Our legitimate interest is to maintain the security and stability of our platform and to prevent abuse and SPAM.

Recipients / transmission to a third country
The personal data collected to this extent may be transmitted to Google, possibly also to the USA, and stored and processed there. The transfer is secured by a data processing agreement and the con-clusion of the EU standard contractual clauses, which in individual cases allow a transfer to so-called third countries outside the EU. Information on data protection at Google can be found here https://policies.google.com/privacy.

Option to object
You can permanently prevent the setting of cookies at any time by making the appropriate settings in your browser, so that Google reCAPTCHA can also not set a cookie. In addition, cookies already used by Google reCAPTCHA can be deleted at any time via the browser.

3.3.5 Share buttons from social networks
We integrate share button plug-ins from Twitter and LinkedIn on our website. With the help of these buttons, you can share content or posts from our website on the pages of Twitter and LinkedIn. We integrate these share buttons with a technical solution that enables better data protection. With this technical solution, only when you click on the share button is the log data transmitted to the respec-tive social network, as well as the information that you have accessed the corresponding item or post on our website. If you are already registered and logged in to the respective social network at the moment of the forwarding, you can share the post immediately. If you are not already logged in at this moment, you will first be redirected to the respective registration page of the social network. As soon as you are logged in, you can share the post immediately. After activating the plug-in, your browser establishes a direct connection to the servers of the respective provider. The content of the plug-in is transmitted by the provider directly to your browser and integrated into the page. Through this integration, the provider receives the information that your browser has accessed the corre-sponding page, even if you do not have a profile with this provider or are not currently logged in there. This information (including your IP address) is transmitted by your browser directly to a server of the provider and stored there. If you are logged in to the provider, he can immediately assign the visit to our website to your profile. If you interact with the plug-ins, for example by clicking a button or posting a comment, this information is also transmitted directly to a server of the provider and stored there. The respective provider may publish this information on your profile or show it to your contacts.

Purpose
The purpose of processing your log data is to be able to offer you this convenience function.

Legal basis
The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. a GDPR, whereby you give us your consent by activating the share button.

Recipients / transmission to a third country
Your log data may be transferred to the United States of America and stored and processed there. For data transfers to so-called third countries, please refer to our information under section 3. In-formation about Twitter’s data protection practices can be found at https://twitter.com/privacy?lang=de. For more information about LinkedIn’s data protection practic-es, please visit https://www.linkedin.com/legal/privacy-policy?_l=de_DE. We have no influence on the collection and/or use of your data by Twitter or LinkedIn.

Option to revoke
You can prevent the setting of cookies at any time by closing the respective page.

3.4 Contacting us by e-mail, telephone or via the contact form
You can contact us via the e-mail addresses and telephone numbers provided by us on our website as well as via the contact form provided. If you make use of this option, your personal data transmit-ted by e-mail or by telephone will be processed.

Purpose
The processing is carried out for the purpose of handling your request.

Legal basis and legitimate interest
If the purpose of contacting you is to conclude a contract or if your contact is about an existing con-tract, Art. 6 (1) p. 1 lit. b GDPR is the legal basis for the processing. The legal basis for the processing of your data in the other cases is Art. 6 para. 1 sentence 1 lit. f GDPR. The legitimate interest in these cases results from the fact that we can only perform the action requested by you (e.g. answering inquiries) by processing your data accordingly.

Recipients
In the course of processing your request, your data will be transmitted to our employees who will process your request.

3.5 Presence in social networks
We maintain publicly accessible profiles in various social networks (esp. Twitter and LinkedIn). Your visit to these profiles may initiate data processing operations. Below we provide you with an over-view of which of your personal data is collected, used and stored by us when you visit our profiles. You are not obliged to provide us with your personal data.

However, this may be necessary for indi-vidual functionalities of our profiles in social networks. These functionalities will not be available to you or only to a limited extent if you do not provide us with your personal data.
When you visit our profiles, your personal data will be collected, used and stored not only by us but also, where applicable, by the operators of the respective social network. This may also happen if you yourself do not have a profile in the respective social network. The individual data processing opera-tions and their scope differ depending on the operator of the respective social network and they are not necessarily traceable for us. For details about the collection and storage of your personal data and about the type, scope and purpose of their use by the operator of the respective social network, please also refer to the data protection statements of the respective operator:

4. Data transfers outside the EEA
If we transfer data to third countries, i.e. countries outside the European Union or the European Economic Area, then the transfer takes place exclusively in compliance with the statutory requirements.

If the transfer of data to a third country is not for the performance of our contract with you, we do not have your consent, the transfer is not necessary for the assertion, exercise or defense of legal claims, and no other exemption under Article 49 of the GDPR applies, we will only transfer your data to a third country if an adequacy decision under Article 45 of the GDPR or appropriate safeguards under Article 46 of the GDPR are in place. Corresponding adequacy decisions exist for certain coun-tries such as Switzerland, Canada, the United Kingdom and Israel.

Where such adequacy decisions do not exist, we ensure an adequate level of data protection for the transfer of personal data outside the European Economic Area by concluding the so-called EU stand-ard contractual clauses with the relevant companies and, where necessary, taking further contractual measures.

Unless otherwise stated in this Privacy Policy, we do not transfer your data outside the European Economic Area.

5. How long we store your personal data
We store your personal data only for the period of time necessary to achieve the purpose for which it was collected, unless a shorter storage period results from the other provisions of this privacy policy. The storage is only carried out to the extent of mandatory legal storage obligations. If we no longer need your data for the purposes described in this Privacy Policy, it will be stored during the statutory retention period only and will not be processed for other purposes.

6. Your rights
If personal data of yours is processed by us, you have the following rights towards us:

6.1 Right to information
You may request confirmation from us as to whether personal data concerning you is being pro-cessed by us. If such processing exists, you can request information from us about the information listed in Art. 15 GDPR. If you exercise your right without telling us what specific information you want, we will provide you with all the information pursuant to Art. 15 GDPR.

6.2 Right to rectification
You have a right against us to have your personal data corrected and/or completed if the processed personal data concerning you is inaccurate or incomplete.

6.3 Right to restriction of processing
Under the following conditions, you may request the restriction of the processing of personal data concerning you:
• If you dispute the accuracy of the personal data concerning you. This applies for a period of time that allows us to verify the accuracy of the personal data;
• The processing is unlawful. You object to the deletion of the personal data and instead request the restriction of the use of the personal data;
• We no longer need your personal data for the purpose of processing. However, you need them for the assertion, exercise or defense of legal claims;
• If you have objected to the processing pursuant to Article 21 para. 1 GDPR and it has not yet been determined whether our legitimate grounds for further processing override your grounds. If the processing of personal data relating to you has been restricted, such data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of an-other natural or legal person or for reasons of important public interest of the Union or a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

6.4 Right of deletion

6.4.1 Obligation to delete
You can demand that we delete the personal data concerning you without delay. For our part, we have an obligation to delete this data without delay if one of the reasons listed in Art. 17 GDPR ap-plies.

6.4.2 Information to third parties
If we have made the personal data concerning you public in an individual case and we are obliged to delete it pursuant to Art. 17(1) GDPR, we will take reasonable measures, including technical measures, having regard to the available technology and the cost of implementation, to inform the data controllers processing the personal data that you, as the data subject, have requested them to delete all links to or copies or replications of such personal data. However, as a general rule, we do not make your personal data public.

6.4.3 Exceptions
The right to deletion does not exist insofar as the processing is necessary
• For the exercise of the right to freedom of expression and information;
• for compliance with a legal obligation which requires processing under Union or Mem-ber State law to which we are subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
• for reasons of public interest in the area of public health pursuant to Art. 9 para. 2 lit. h) and i) and Art. 9 para. 3 GDPR;
• for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the right referred to in Section 6.4.1 is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or
• for the assertion, exercise or defense of legal claims.

6.4.4 Right to information.
If you have asserted the right to rectification, deletion or restriction of processing of your personal data against us, we are obliged to notify all recipients of your personal data of this rectification or deletion of data or restriction of processing. This does not apply if the notification proves impossible or would involve a disproportionate effort. You have the right against us to be informed about these recipients.

6.5 Right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller, provided that
• the processing is based on consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR and
• the processing is carried out with the help of automated procedures. If you so wish and insofar as it is technically feasible for us and the freedoms and rights of other persons are not affected thereby, we will transfer the personal data relating to you directly to the other controller.
The right to data portability does not apply to processing of personal data necessary for the perfor-mance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

6.6 Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the pro-cessing of personal data concerning you which is carried out on the basis of Article 6 para. 1 sentence 1 lit. e or f GDPR; this also applies to the creation of user profiles based on these provisions.
We will no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the pro-cessing serves to assert, exercise or defend legal claims.
If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to user profiling insofar as it is related to such direct marketing.

6.7 Automated decisions in individual cases including user profiling.
Where certain decisions on our part are based solely on automated processing – including user profil-ing – you have the right not to be subject to such a decision which produces legal effects concerning you or similarly significantly affects you. However, this does not apply,
• if the decision is necessary for the conclusion or performance of a contract between you and us,
• if the decision is permissible on the basis of legal provisions of the Union or the Member States to which we are subject and these legal provisions contain appropriate measures to protect your rights and freedoms as well as your legitimate interests, or
• if this form of decision-making is carried out with your explicit consent.

6.8 Right to complain to a supervisory authority.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a com-plaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the provisions of data protection law, including the GDPR.

6.9 Revocation of consent given.
If you have given consent under data protection law, you have the right to revoke this consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. If you have given several declarations of consent under data protection law, please tell us which of the consents you are revoking. If we do not receive such a specification even upon request, we will assume that your revocation applies to all consents granted up to that point. We will then terminate the data processing activities on our website based on the consents.

7. Our data security principles
All information you submit to us is stored on servers within the European Economic Area. Unfortu-nately, the transmission of information over the Internet is not completely secure, so we cannot guarantee the security of data transmitted to our website over the Internet. However, we compre-hensively secure our website and other systems by technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. Our security measures are continuously revised in line with technological developments. Our employees are obliged to maintain confidentiality.

8. Links to third party websites
Please note that our website may contain links to content of other providers to which this Privacy Policy does not apply. We have no influence on these websites and also not on whether they comply with the applicable data protection regulations.

9. Updating of this Privacy Policy
The constant development of technology and the Internet makes it necessary to update our Privacy Policy from time to time. We reserve the right to change this Privacy Policy at any time with effect for the future. The latest version is available on our website. Please visit the website regularly and inform yourself about the current Privacy Policy.

Last update: 17.01.2022