We use essential cookies to make our website work. To improve and personalize your experience, we ask for your permission to use additional cookies. In some cases, the information gathered via the cookies is processed in the USA, where legal regulations concerning data privacy and processing activities differ from those in the EU and the UK.
Do you consent to the use of cookies and the associated processing of your personal data in the EU and the USA?
For more information on cookies and data protection, see our Privacy Notice. You can select or change your own cookie settings or withdraw your consent anytime by clicking on "Customize".

Data privacy

With this data privacy notice, we inform you about the personal data we collect and the purposes for which the data are processed when you use our website www.tokenize.it (hereinafter "Website"). We also inform you about how we handle your personal data when you contact us. In addition, we inform you about your rights as a data subject.

1. Data controller and contact

The service provider responsible for the collection and processing of your personal data is Tokenize.it GmbH (hereinafter “Tokenize.it” or “We”).

You can reach us at:

Tokenize.it GmbH
Markt 16
09648 Mittweida
Germany
Email: hi@tokenize.it

2. Data protection officer

Rechtsanwalt Asmus Eggert
Wilhelm-Kabus-Str. 9
10829 Berlin
privacy@tokenize.it

3. Subject matter of data protection

The subject matter of data protection is personal data. According to Art. 4 No. 1 GDPR, these are all information relating to an identified or identifiable natural person; this includes, for example, names or identification numbers.

4. What sources and data do we use?

We process personal data that we receive from you in the course of using our Website and possibly our business relationship.

When you use the Website for purely informational purposes, i.e., if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. When you access our Website, we collect the following access data, which are technically necessary for us to display our Website to you and to ensure its stability and security: IP address, date and time of the request, time zone difference from Greenwich Mean Time (GMT), content of the request (i.e., name of the specifically accessed website), access status/HTTP status code, respectively transmitted data volume, referrer URL (previously visited page), operating system and its interface, language and version, as well as the type of browser software, message about successful retrieval.

Furthermore, we receive your personal data if you contact us (e.g., by email or via our contact form). Personal data here may include, for example, name, email address, and any data you send us as a message (hereinafter referred to as "Contact Details").

5. For what purposes do we process your data (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) for the following purposes and on the basis of the following legal grounds:

Consent, Art. 6(1) sentence 1 lit. a GDPR

If you have given us consent to process personal data for specific purposes, especially for contacting us (e.g., via our contact form or by email for processing and handling inquiries, sending newsletters, advertising by telephone, etc.), the legality of this processing is based on your consent.

A consent given can be revoked at any time. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is therefore not affected by the revocation. The revocation can be sent to the contact details mentioned above.

Performance of pre-contractual measures at the request of the person or performance of a contract, Art. 6(1) sentence 1 lit. b GDPR

When contacting us (via contact form or email), your information will be processed to handle the contact request and its processing.

In the context of balancing interests to safeguard legitimate interests, Art. 6(1) sentence 1 lit. f GDPR, and § 25(2) No. 2 TTDSG; based on your consent, Art. 6(1) sentence 1 lit. a GDPR, and § 25(1) TTDSG

We use cookies and similar technologies on our Website. We store information on your device because this is absolutely necessary to provide you with our Website. Data processing is carried out to safeguard our legitimate interest in the best possible functionality of the Website.

When you visit our Website for the first time, you will also be asked whether you consent to the use of non-essential cookies and similar technologies. If you consent to data collection and storage in accordance with § 25(1) TTDSG, and the possibly associated subsequent data processing pursuant to Art. 6(1) sentence 1 lit. a GDPR, we may use this information, for example, to analyze the use of our Website or to conduct marketing activities.

You have the option to revoke your consent at any time with effect for the future via the cookie button (consent settings), which is displayed to you at the bottom left of our Website.

In section 12, you will also receive further information about the services, cookies, and similar technologies used by us, especially regarding the management and deletion of cookies.

Establishment of an employment relationship, Art. 6(1) sentence 1 lit. b GDPR, and after completion of the application process, rejection to safeguard legitimate interests, Art. 6(1) sentence 1 lit. f GDPR (defense against claims), if granted, consent, Art. 6(1) sentence 1 lit. a GDPR

When contacting us (via contact form or email) in connection with your application, we process your data to assess your suitability for the position (or other open positions in our companies) and to conduct the application process. Your application data will be reviewed by the HR department upon receipt of your application. Suitable applications will then be forwarded internally to the department heads responsible for the respective open position. The further procedure will then be decided there. In principle, only those persons in the company have access to your data who need it for the proper conduct of our application process.

In the context of balancing interests to safeguard legitimate interests, Art. 6(1) sentence 1 lit. f) GDPR

We process your access data (see above under point 4) to safeguard our legitimate interests or those of third parties. In particular, we pursue the following legitimate interests:

• Ensuring IT security, especially the security of the Website;
• Advertising or market and opinion research, provided you have not objected to the use of your data; and
• Assertion of legal claims and defense in legal disputes.

6. Who receives my data?

Service providers (Article 28 GDPR) employed by us may also receive data for the purposes mentioned above. These may include, for example, our IT service providers, hosting providers, or other third parties providing printing, telecommunications, distribution, and marketing services. If we disclose data to our service providers, they may only use the data to fulfill their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound by our instructions, have appropriate technical and organizational measures to protect the rights of data subjects, ensure an adequate level of data protection, and are carefully monitored by us.

Disclosure of data to third parties who are not data processors only occurs within the framework of legal requirements.

Furthermore, we disclose user data to third parties if, for example, this is based on Art. 6(1) sentence 1 lit. b GDPR for contractual purposes or on the basis of legitimate interests pursuant to Art. 6(1) sentence 1 lit. f GDPR required for the economic and effective operation of our business or if you have consented to the data transfer.For purely informational use of the Website, we do not generally disclose data to third parties.
‍Within our company, only those departments receive access to your data that require it to fulfill our contractual and legal obligations.

7. How long will my data be stored?

For security reasons (e.g., to investigate misuse or fraud), log file information is stored for a maximum of 30 days and then deleted (see above point 2). Data that must be retained for evidentiary purposes is excluded from deletion until the final resolution of the respective incident.

To the extent necessary, we process and store your personal data for the duration of our business relationship, which also includes the initiation of a contract via contact form or email.

In the event of rejection, applicant data will be deleted after 6 months. If you have agreed to further storage of your personal data, we will include your data in our applicant pool. The data will be deleted from there if you revoke your consent or, at the latest, after 2 years. If we fill the advertised position with you, your data will be stored in our personnel management system.

In addition, we are subject to various retention and documentation obligations, which result, among other things, from the Commercial Code (HGB) and the Fiscal Code (AO). The deadlines for retention or documentation specified there range from two to ten years.

Records of telephone conversations and electronic communications with contract-relevant content are deleted after the statutory retention period of 5 years (§ 83 para. 5 WpHG) or after 7 years at the request of the Federal Financial Supervisory Authority (BaFin). Recordings without contract-relevant content are deleted immediately.

The retention period for identification data extends beyond the end of your contractual relationship with us: According to §§ 8, 10 GwG, we are obliged to store identification data for at least five years. This retention obligation begins only at the end of the calendar year in which our customer relationship with you ends - so the entire retention period can be longer than five years after the end of the contract.

Finally, the storage period also depends on the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB), are usually three years, but in certain cases can also be up to thirty years, with the regular limitation period being three years.

If you assert your rights as a data subject, we will store the information provided to you until the expiration of the statutory limitation period pursuant to § 31 para. 2 No. 1 OWiG, § 41 para. 1 BDSG, Art. 83 para. 5 lit. b GDPR for 3 years. This period may be extended if the statutory limitation period is extended due to interruptions of limitation periods (e.g., in the context of inquiries from supervisory authorities).

Unless otherwise stated, we will delete or anonymize your personal data as soon as it is no longer required for the purposes for which we collected or used it according to the preceding paragraphs. If data must be retained for legal reasons, their processing will be restricted. The data will then no longer be available for further use.

8. Are data transferred to a third country or to an international organization?

The data provided is processed within the European Union and in the USA. When transferring data to the USA, we ensure that the recipients of the data are certified under the EU-U.S. Data Privacy Framework or that we agree with recipients without certification on EU standard data protection clauses. If we base the data transfer on EU standard data protection clauses, we will take additional security measures to protect your data and to achieve an adequate level of protection for your personal data. You have the option to receive or inspect the EU standard data protection clauses in a copy. If necessary, we will obtain your express consent for the transfer of data to the USA.

9. What data protection rights do I have?

Every data subject has:

• the right to information pursuant to Art. 15 GDPR (i.e., you have the right to obtain information about your personal data stored by us at any time),
• the right to rectification pursuant to Art. 16 GDPR (i.e., in the event that your personal data are incorrect or incomplete, you may request the rectification of this data),
• the right to erasure pursuant to Art. 17 GDPR and the right to restriction of processing pursuant to Art. 18 GDPR (i.e., you may, if necessary, request the erasure or restriction of processing of your personal data if, for example, there is no longer a legitimate business purpose for such processing and statutory retention obligations do not require further storage),
• the right to data portability under Art. 20 GDPR (i.e., you may, if necessary, receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format and transmit this data to another controller without hindrance).

Furthermore, you can generally revoke your consent with effect for the future.

In addition, there is a right to lodge a complaint with a supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG). You can find the supervisory authority responsible for you at https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html. We would appreciate it if we could address your concerns before you contact the responsible data protection authority or another supervisory authority and therefore ask you to first contact us with your complaint.

In addition, we would like to draw your attention to your right to object under Art. 21 GDPR:

Information about your right to object under Art. 21 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6(1) sentence 1 lit. e GDPR (processing in the public interest) and Article 6(1) sentence 1 lit. f GDPR (processing based on a balance of interests), including profiling based on that provision according to Article 4 No. 4 GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.

In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

The objection can be made informally and no costs other than the transmission costs according to the basic rates will be incurred.

If you wish to make use of your right to object, an informal notification, e.g. to the above-mentioned contact details, is sufficient.

10. To what extent is there automated decision-making on an individual basis, including profiling?

As part of accessing our Website or contacting us via form or email, we generally do not use fully automated decision-making processes according to Article 22 of the GDPR. If we do employ these processes in individual cases, we will inform you separately if required by law. We do not process your data automatically with the aim of evaluating specific personal aspects (profiling).

11.  Do I have an obligation to provide data?

Within the scope of our Website, you must provide those personal data that are technically or for IT security reasons necessary for the use of our Website. If you do not provide this data, you cannot use our Website.

In the context of contacting us, for example, by email, you only need to provide those personal data that are necessary for processing your request. Otherwise, we cannot process your request.

12. Cookies and similar technologies

a) General

We and services that we may use on our Website use cookies and similar technologies, such as web storage or web beacons (see below).

Cookies are stored in the user's browser on the end device. They contain information that is stored for a visited page. The cookie is either sent from the web server to the browser or generated in the browser by a script (JavaScript). The web server can read this cookie information directly on subsequent visits to this page or transfer the cookie information to the server via a script on the Website. When cookies are set, they generally collect and process certain user information such as browser and location data as well as IP address values. Some of these cookies are essential for the functioning of our Website, while others help us improve our Website by providing insights into your use of the Website.

With web storage, information is stored locally in your browser cache. The stored information is either automatically deleted after closing the browser window ("session storage") or remains in place so that it can be read again when the Website is visited again ("local storage"), unless you delete your browser cache ("browser data").

Web beacons are 1x1 pixel-sized graphics that are integrated into websites or emails (newsletters) in various ways and also serve to collect and evaluate user data.

We store information on your end device if this is absolutely necessary to provide you with our Website, § 25 (2) No. 2 TTDSG. Otherwise, data collection is generally only carried out with your explicit consent in accordance with § 25 (1) TTDSG. If individual cookies also process personal data, the processing is carried out in accordance with Article 6 (1) (b) GDPR to perform the contract, in accordance with Article 6 (1) (f) GDPR to safeguard our legitimate interests in the best possible functionality of the Website and a user-friendly and effective design of the page visit, or in accordance with Article 6 (1) (a) GDPR following your consent. You have the option to withdraw your consent at any time via the cookie button (consent settings) at the bottom left of our Website.

You can individually prohibit the storage of cookies through the settings of your browser (you can find out how to set the cookie treatment via the help page of the browser). Assistance with cookie management in the most common browsers can be found at the following addresses:

Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-loeschen-daten-von-websites-entfernen
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Google Chrome: https://support.google.com/accounts/answer/61416?hl=de
Opera: http://www.opera.com/de/help
Safari: https://support.apple.com/kb/PH17191?locale=de_DE&viewlocale=de_DE
Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-l%C3%B6schen-63947406-40ac-c3b8-57b9-2a946a29ae09

Please note that deactivating cookies may lead to functional restrictions on this Website.

In addition, you can deactivate cookies used for audience measurement and advertising purposes via the deactivation page for consumers in the EU https://www.youronlinechoices.com/de/praferenzmanagement/.

We inform you about the specific use of cookies and similar technologies, as well as the scope of the information collected, in the following paragraphs.

b) Consent management

To enable you to conveniently manage your consents, you will be shown a consent banner when you first visit our Website. You will have the opportunity to give your consent to consent-required services. In this context, the IP address and geographic location, opt-in and opt-out data, referrer URL, user agent, your user settings, a consent ID, and the time of consent and the type of consent are collected. Your consent settings are stored in a cookie on your end device. The validity period of the cookie is 6 months.

If you have given us your consent to set cookies and similar technologies and to process your data, you can revoke your consent at any time via the consent settings in the footer of our Website with effect for the future.

The data collection takes place in accordance with § 25 (2) No. 2 TTDSG, the subsequent data processing in accordance with Article 6 (1) (c) GDPR, since obtaining consent for the use of cookies and similar technologies and the processing of personal data is legally required, and in accordance with Article 6 (1) (f) GDPR based on our legitimate interest in consent management.

13. Google services

We use services provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google") on our Website.

When using the Google services listed below, the data collected in this context is usually transmitted to a server in the USA.

Data collection and storage are carried out in accordance with § 25 (1) TTDSG, and subsequent data processing is carried out in accordance with Article 6 (1) (a) GDPR only with your explicit consent. You can revoke your consent at any time with effect for the future in the consent settings at the end of our Website.

For more information on the processing of your data, see the following paragraphs. Further information on the processing of your data by Google can be found in Google's privacy policy at http://www.google.de/policies/privacy/.

a) Google Tag Manager

We use Google Tag Manager to integrate additional services, such as Google Analytics. Google Tag Manager does not set cookies itself, but Google receives your IP address as part of its use.

b) Google Analytics

We use the web analytics service Google Analytics. Google collects information about the use of our Website on our behalf to evaluate it, compile reports on activities within this Website, and provide us with other services related to the use of this Website. For these purposes, Google sets cookies on our Website, which are stored on your device.

The following data is processed as part of Google Analytics: IP address and geographical location, browser and device information, and referrer URL. In addition, information about the usage behavior of our visitors on the Website is recorded. Google creates pseudonymous user profiles. The collected data is stored for 14 months.

For access from the EU, IP address data is only used to derive location data and then immediately deleted. They are not logged, not accessible, and not used for further use cases. In Google Analytics 4, all data from devices located in the EU (based on the geographic location according to IP address) is collected via domains and servers in the EU before the traffic is forwarded to Analytics servers for processing. Google's Analytics servers are located in the USA.

c) YouTube

We have embedded YouTube videos on our Website, which are stored on http://www.youtube.com and can be played directly from our Website.

The videos are embedded in such a way that data about you as a user is only transmitted to Google when you play the videos. We have no influence on the data transfer to Google. Google sets cookies in this context, which are stored on your device, and stores information in web storage.

By visiting the Website, Google receives information that you have accessed the corresponding subpage of our Website and data about the location (GPS data), IP address, and devices used, including information about objects near your device, such as WLAN access points, radio masts, and Bluetooth-enabled devices, as well as sensor data from your device (see Google's privacy policy). This happens regardless of whether you are logged in to Google or YouTube. However, if you are logged in, your data may be associated with your account. If you do not want this assignment to your YouTube profile, you must log out before activating a video. However, Google also stores the data independently of whether a user account exists at Google, creates usage profiles, and evaluates them. Opting out of personalized advertising is possible at https://myadcenter.google.com/.

14. Hotjar

We use the web analytics service Hotjar of Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (“Hotjar”).

Hotjar collects information about the use of our Website on our behalf to evaluate it, compile reports on activities within this Website. Hotjar sets cookies on our Website for these purposes, which are stored on your device, as well as web storage.

The following data is processed as part of web analytics: IP address and geographical location, browser and device information, and referrer URL. In addition, information about the usage behavior of our visitors on the Website is recorded. With Hotjar, we can record your mouse and scroll movements and clicks. Hotjar can also determine how long you stayed with the mouse pointer on a specific spot. Hotjar creates so-called heatmaps from this information, which can be used to determine which areas of the Website are preferred by the website visitor. Furthermore, we can determine how long you stayed on a page and when you left it. We can also determine at which point you abandoned your entries in a contact form (so-called conversion funnels). Hotjar creates pseudonymous user profiles. The collected data is stored for 12 months.

The data is usually transmitted to a server in the USA.

Data collection and storage are carried out in accordance with § 25 (1) TTDSG. Subsequent data processing is carried out in accordance with Article 6 (1) (a) GDPR based on your explicit consent. You can revoke your consent at any time with effect for the future in the consent settings.

For more information on Hotjar's privacy policies, please visit https://www.hotjar.com/privacy.

15. Hubspot Analytics

We use the web analytics service provided by HubSpot Ireland Limited, HubSpot House, One Sir John Rogerson's Quay, Dublin 2, Ireland (“HubSpot”).

HubSpot collects information about the use of our Website on our behalf to evaluate it, compile reports on activities within this Website. HubSpot sets cookies on our Website for these purposes, which are stored on your device.

The following data is processed as part of web analytics: IP address and geographical location, browser and device information, referrer URL, and usage data such as the duration of your visit and the pages you visited.

We have agreed with HubSpot to have servers in Frankfurt, Germany. However, regardless of this, HubSpot may transfer your data to other affiliated companies of HubSpot in countries where HubSpot operates, including the USA.

HubSpot is certified under the Data Protection Framework (DPF), so any transfer of personal data to the USA is based on this.Data collection and storage are carried out in accordance with § 25 (1) TTDSG. Subsequent data processing is carried out in accordance with Article 6 (1) (a) GDPR based on your explicit consent. You can revoke your consent at any time with effect for the future in the consent settings.

For more information, please refer to HubSpot's privacy policy at: https://legal.hubspot.com/de/privacy-policy.

16. LinkedIn Insight Tag

The "LinkedIn Insight Tag" of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland ("LinkedIn"), is used on our Website.

This is a JavaScript code that sets a cookie on your device, which allows the collection of, among other things, the following data: IP address, device and browser properties, and page events (e.g., page views). This data is encrypted and anonymized within seven days, and the anonymized data is deleted within 90 days.

Through the "LinkedIn Insight Tag," we receive information about which LinkedIn advertisement or interaction on LinkedIn brought you to our Website. This allows us to better control the display of our advertising. In addition, LinkedIn offers retargeting through the Insight Tag. With this data, we can display targeted advertising outside our Website based on your interests without identifying you as a website visitor.

The data processing is carried out jointly by LinkedIn and us in accordance with Art. 26 GDPR. The primary responsibility for the processing of personal data via the Insight Tag lies with LinkedIn, and all obligations under the GDPR regarding the processing of personal data by LinkedIn are fulfilled (in particular, the obligations to provide information under Articles 12 ff. GDPR, ensuring data subject rights under Articles 15 ff. GDPR, and reporting data breaches under Articles 33, 34 GDPR).

The agreement on joint responsibility under Art. 26 GDPR can be found at: https://legal.linkedin.com/pages-joint-controller-addendum.

Please note that LinkedIn may store and process the data so that a connection to the respective user profile is possible, and LinkedIn may use the data for its own advertising purposes. Furthermore, the data is processed in the USA. LinkedIn is certified under the Data Protection Framework (DPF), so any transfer of personal data to the USA is based on this.

LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To deactivate the Insight Tag on our Website ("opt-out"), click here: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Data collection and storage are carried out in accordance with § 25 (1) TTDSG. Subsequent data processing is carried out in accordance with Article 6 (1) (a) GDPR based on your explicit consent. You can revoke your consent at any time with effect for the future in the consent settings.

For more information, please refer to LinkedIn's privacy policy at: https://de.linkedin.com/legal/privacy-policy.

17. Newsletter

If you subscribe to our email newsletter, we will inform you regularly about our platform and our services. You will also receive exciting updates with the latest information and news on all aspects of corporate finance, investments and employee participation.

The only mandatory information for sending the newsletter is your e-mail address. When you register for the newsletter, we store your IP address entered by the Internet Service Provider (ISP), as well as the date and time of registration, in order to be able to trace any possible misuse of your e-mail address at a later date. Our email newsletters are sent via HubSpot. Hubspot processes the information provided when registering for the newsletter to send and statistically evaluate the newsletter on our behalf. For statistical analysis, the emails sent contain so-called web beacons. This makes it possible to determine whether a newsletter message has been opened and which links have been clicked on. Technical information is also collected (e.g. the time of access, the IP address and browser and device information (e.g. the operating system). This data is used exclusively for the statistical analysis of newsletter campaigns and is not used to personalize the newsletter.

If you wish to withdraw your consent to data processing for statistical analysis purposes, you must unsubscribe from the newsletter. Data collection is carried out in accordance with Section 25 (1) TTDSG, downstream data processing in accordance with Art. 6 (1) sentence 1 lit. a GDPR, provided that you have expressly consented to the delivery of our newsletter via the double opt-in procedure (DOI). This means that we will only send you an email newsletter if you have expressly confirmed to us that you consent to the sending of newsletters. We will then send you a confirmation e-mail asking you to confirm that you wish to receive future newsletters by clicking on a corresponding link. You can unsubscribe from the newsletter at any time using the link provided in the newsletter or by sending us a corresponding message via our contact options mentioned above. Once you have unsubscribed, your email address will be deleted from our newsletter distribution list immediately.

Further information on data processing can be found in Hubspot's privacy policy at https://legal.hubspot.com/de/privacy-policy.

18. Our Social Media Accounts

We are present on social networks and platforms so that we can communicate with you and inform you about our services there.

Please note that your data may be processed outside the European Union during this process, and the data is usually processed for market research and advertising purposes. Usage profiles can be created from the usage behavior and resulting interests of users. These usage profiles can then be used to display advertising within and outside the platforms that presumably corresponds to the interests of the users.

Cookies may be stored on users' computers to store the users' usage behavior and interests. Other data may also be stored in these usage profiles, especially if users are members of the respective platforms and logged in to them.

On our Website, we only link to our company profiles on the respective social networks. However, please note that when you click on a link to the social networks, data is transferred to their servers. If you are logged in to the respective social network with your username and password at that time, the information is transferred there that you have visited our company profile on the respective social network from our Website, and the respective provider may save this information in your user account.

We generally do not have significant influence on the data processing of social networks. However, we receive statistics from the providers about the use and visits to our company profiles on social networks (e.g., information about the number of views, interactions such as likes and comments, as well as aggregated demographic and other information or statistics). For more information on the data used by the providers, please see the privacy policies of the providers linked below.

If we receive your personal data as part of our social media presence (e.g., in a message), you have the rights mentioned in this privacy policy above regarding this data processing. You can direct your inquiries regarding data processing in the context of our company profiles to us using the contact details provided above.

If you also wish to assert rights against the provider of the social network, you can do so most easily by contacting the respective providers directly. The provider knows the details of the technical operation of the platform and the associated data processing, as well as the specific purposes of the data processing. The contact details can be found in the privacy information linked below. We are happy to assist you in asserting your rights to the extent possible.

The processing of users' personal data is generally based on your consent pursuant to Art. 6 (1) (a) GDPR. The legal basis is also Art. 6 (1) (b) GDPR if we receive and process your data in the context of a contract-related inquiry via our social media presence. The legal basis for linking and operating our company profiles on social networks, including receiving statistics about the use of our company profiles, is Art. 6 (1) (f) GDPR based on our legitimate interest in our company communication on the respective social networks.

For information about the respective processing and the respective options for objection, please refer to the privacy information of the providers linked below:

LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland), social network for maintaining existing and establishing new business contacts - Privacy policy https://www.linkedin.com/legal/privacy-policy, Opt-Out: https://www.linkedin.com/mypreferences/d/profile-visibility-for-partners
X (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland), microblogging service - Privacy policy: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization
GitHub (GitHub B.V., Prins Bernhardplein 200, 1097JB, Amsterdam, Netherlands), platform for developers - Privacy policy: https://docs.github.com/de/site-policy/privacy-policies/github-privacy-statement
Medium (A Medium Corporation, 548 Market St., PMB 42061 San Francisco, 94104 CA USA), online publishing platform - Privacy policy: https://policy.medium.com/medium-privacy-policy-f03bf92035c9
Instagram (Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland), photo and video sharing platform - Privacy policy: https://privacycenter.instagram.com/policy/
Common Ground (Common Ground Association, Dammstrasse 19, 6300 Zug, Switzerland), Web3 Community Platform - Privacy policy: https://app.cg/c/commonground/article/privacy-policy-4vhHTcaUHQnDfmCDdQcNFf/

Last update: September 12, 2024

Data privacy

This data protection notice intends to inform you about the processing of your personal data by us and the claims and rights to which you are entitled under data protection regulations, in particular the European General Data Protection Regulation (GDPR).

Below you will learn about the type, scope and purpose of the processing of personal data on the Tokenize.it platform (hereinafter “Platform“) available on www.tokenize.it. This data protection notice also applies to all services related to the Platform. The data protection information applies regardless of the domains, platforms and devices used (e.g. desktop, mobile, etc.).

Personal data within the meaning of the GDPR is all data that can be related to you personally, e.g. name, address, email addresses, user behavior. Which data is processed in detail and how it is used depends largely on the services you use.

We use various other terms in relation to the GDPR in our data protection information. This includes terms such as processing, restriction of processing, profiling, pseudonymization, controller, processor, recipient, third party, consent, supervisory authority and international organization. You can find corresponding definitions for these terms in Art. 4 GDPR.

1. Who is responsible for data processing and who can I contact?

The person responsible is: 

Tokenize.it GmbH
Markt 16
09648 Mittweida
Tel.: 03727 5999530
E-Mail: hi@tokenize.it


You can reach our data protection officer at:

mip Consult GmbH
Rechtsanwalt Asmus Eggert
Wilhelm-Kabus-Str. 9
10829 Berlin
privacy@tokenize.it

2. Which sources and data do we use?

We process personal data that we collect as part of your use of our Platform and, if applicable, as part of our business relationship with certain companies for whom we are providing technology services enabling them to launch digital Private Offers, (employee) participation programs and public fundraises (hereinafter “Crowdinvesting”) via the Platform.

Information about what data we process when you register on our Platform, make an investment via our Platform or participate as a beneficiary in a company's profit participation program can be found in the following paragraphs.

When you use our Platform, we collect personal data that your browser transmits to our server. When you access our Platform, we collect the following access data, which is necessary from a technology perspective for us to make the Platform available to you and to ensure stability and security. The access data includes the IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (i.e. name of the specific page accessed), access status/HTTP status code, amount of data transferred, referrer URL (previously page visited), operating system and its interface, language and version as well as type of browser software, notification of successful access.

We will also receive your personal data if you contact us. Personal data in this case includes, for example, name, email address and, if applicable, the data that you send to us as a message (hereinafter “contact details").

3. What do we process your data for (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the European General Data Protection Regulation (“GDPR”) and the German Federal Data Protection Act (“BDSG”), among others, for the following purposes and on the basis of the following legal bases:

Consent, Art. 6(1) sentence 1 lit. a GDPR:
As long as you consent to the processing of your personal data for specific purposes, this processing based on your consent is lawful.
Consent given can be revoked at any time. Please note that the revocation will only take effect for the future. Processing that took place before the revocation is therefore not affected by the revocation. The revocation can be sent to the contact details above.

Performance of pre-contractual measures at the request of the person or performance of a contract, Art. 6(1) sentence 1 lit. b GDPR:
When contacting us (via contact form or email), your information will be processed to handle the contact request and its processing.

In the context of balancing interests to safeguard legitimate interests, Art. 6(1) sentence 1 lit. f GDPR, and § 25(2) No. 2 TTDSG; based on your consent, Art. 6(1) sentence 1 lit. a GDPR, and § 25(1) TTDSG:
We use cookies and similar technologies on our Platform. We store information on your device because this is absolutely necessary to provide you with our Platform. Data processing is carried out to safeguard our legitimate interest in the best possible functionality of the Platform.When you visit our website for the first time, you will also be asked whether you consent to the use of non-essential cookies and similar technologies. If you consent to data collection and storage in accordance with § 25(1) TTDSG, and the possibly associated subsequent data processing pursuant to Art. 6(1) sentence 1 lit. a GDPR, we may use this information, for example, to analyze the use of our Platform or to conduct marketing activities.

You have the option to revoke your consent at any time with effect for the future via the cookie button (consent settings), which is displayed to you at the bottom left of our Platform.

In section 10, you will also receive further information about the services, cookies, and similar technologies used by us, especially regarding the management and deletion of cookies.

Compliance with legal obligation Art. 6(1) sentence 1 lit. c GDPR in conjunction with Sections 10, 11 para. 1 sentence 1, 12 Money Laundering Act (“GWG”):
To prevent and detect money laundering and terrorist financing and to comply with other sanctions and embargo regulations as part of our “KYC” (Know Your Customer) process, we will process certain personal data, including: to identify you, verify your identity and compare your information with sanctions lists.

As part of the balancing of interests to safeguard legitimate interests, Art. 6(1) sentence 1 lit. f GDPR:
We process your data to safeguard our legitimate interests or those of third parties. In particular, we pursue the following legitimate interests:
- Ensuring IT security, especially the security of the Platform;
- Advertising or market and opinion research, provided you have not objected to the use of your data; and
- Assertion of legal claims and defense in legal disputes.

4. Who receives my data?

Within our company, only those departments receive access to your data that require it to fulfill our contractual and legal obligations.
Service providers (Article 28 GDPR) employed by us may also receive data for the purposes mentioned above. These may include, for example, our IT service providers, hosting providers, or other third parties providing printing, telecommunications, distribution, and marketing services. If we disclose data to our service providers, they may only use the data to fulfill their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound by our instructions, have appropriate technical and organizational measures to protect the rights of data subjects, ensure an adequate level of data protection, and are carefully monitored by us.

Disclosure of data to third parties who are not data processors only occurs within the framework of legal requirements.

We transmit personal data as a tied agent when providing investment brokerage services in the context of Crowdinvesting to Concedus GmbH, Schlehenstraße 6, 90542 Eckental as our regulatory liability umbrella (the “liability umbrella“) to fulfill our contractual obligations.

We transmit personal data to law enforcement authorities and, if necessary, to injured third parties if this is necessary to investigate unlawful use of our services or to carry out criminal prosecution. However, this only happens if there are specific indications of illegal or abusive behavior. A transfer may also be made to enforce our terms of use or other agreements. We are also required by law to provide information upon request to certain public authorities, such as law enforcement authorities, administrative offense authorities and tax authorities. These transfers are based on our legitimate interests in combating abuse, assistance of law enforcement and asserting claims that outweigh your rights and interests in protecting your personal data. This is done in accordance with Article 6(1) lit. f GDPR or due to a legal obligation according to Article 6(1) sentence 1 lit. c GDPR.

We also pass on user data to third parties if, for example, this is based on Article 6(1) sentence 1 lit. b GDPR for contractual purposes or based on legitimate interests in accordance with Article 6(1) sentence 1 lit. f GDPR if it is necessary for the economical and effective operation of our business or you have consented to the data transfer.

5. How long will my data be stored?

For security reasons (e.g., to investigate misuse or fraud), log file information is stored for a maximum of 30 days and then deleted (see above point 2). Data that must be retained for evidentiary purposes is excluded from deletion until the final resolution of the respective incident.

To the extent necessary, we process and store your personal data for the duration of our business relationship, which also includes the initiation of a contract via contact form or email.

In addition, we are subject to various retention and documentation obligations, which arise, among other things, from the Commercial Code (HGB) and the Tax Code (AO). The periods specified there for storage and documentation are two to ten years.

The retention period for identification data, the results of the sanctions list comparison and the determination of the PEP status extend beyond the end of your contractual relationship with us: According to Sections 8 and 10 of the GWG, we are obliged to store identification data for at least five years. This retention obligation begins at the end of the calendar year in which our customer relationship with you ends - the entire retention period can therefore be longer than five years after the end of the contract.

Finally, the storage period is also determined by the statutory limitation periods, which, for example, according to Sections 195 ff. of the Civil Code (BGB), are usually 3 years, but can in certain cases be up to thirty years.

If you assert your rights as a data subject, we will store the information provided to you until the expiration of the statutory limitation period pursuant to § 31 para. 2 No. 1 OWiG, § 41 para. 1 BDSG, Art. 83 para. 5 lit. b GDPR for 3 years. This period may be extended if the statutory limitation period is extended due to interruptions of limitation periods (e.g., in the context of inquiries from supervisory authorities).

Unless otherwise stated, we will delete or anonymize your personal data as soon as it is no longer required for the purposes for which we collected or used it according to the preceding paragraphs. If data must be retained for legal reasons, their processing will be restricted. The data will then no longer be available for further use.

6. Will data be transferred to a third country or to an international organization?

The data provided is processed within the European Union and in the USA. When transferring data to the USA, we ensure that the recipients of the data are certified under the EU-U.S. Data Privacy Framework or that we agree with recipients without certification on EU standard data protection clauses. If we base the data transfer on EU standard data protection clauses, we will take additional security measures to protect your data and to achieve an adequate level of protection for your personal data. You have the option to receive or inspect the EU standard data protection clauses in a copy. If necessary, we will obtain your express consent for the transfer of data to the USA.

7. What data protection rights do I have?

Every data subject has:

• the right to information pursuant to Art. 15 GDPR (i.e., you have the right to obtain information about your personal data stored by us at any time),
• the right to rectification pursuant to Art. 16 GDPR (i.e., in the event that your personal data are incorrect or incomplete, you may request the rectification of this data),
• the right to erasure pursuant to Art. 17 GDPR and the right to restriction of processing pursuant to Art. 18 GDPR (i.e., you may, if necessary, request the erasure or restriction of processing of your personal data if, for example, there is no longer a legitimate business purpose for such processing and statutory retention obligations do not require further storage),
• the right to data portability under Art. 20 GDPR (i.e., you may, if necessary, receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format and transmit this data to another controller without hindrance).Furthermore, you can generally revoke your consent with effect for the future.

In addition, there is a right to lodge a complaint with a supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG). You can find the supervisory authority responsible for you at https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html. We would appreciate it if we could address your concerns before you contact the responsible data protection authority or another supervisory authority and therefore ask you to first contact us with your complaint.

In addition, we would like to draw your attention to your right to object under Art. 21 GDPR:

Information about your right to object under Art. 21 GDPR
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6(1) sentence 1 lit. e GDPR (processing in the public interest) and Article 6(1) sentence 1 lit. f GDPR (processing based on a balance of interests), including profiling based on that provision according to Article 4 No. 4 GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.

In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

The objection can be made informally and no costs other than the transmission costs according to the basic rates will be incurred.

If you wish to make use of your right to object, an informal notification, e.g. to the above-mentioned contact details, is sufficient.

8. To what extent is there automated decision-making in individual cases, including profiling?

When accessing our Platform or when contacting us via form or email, we generally do not use fully automated decision-making in accordance with Article 22 GDPR. If we use these procedures in individual cases, we will inform you separately if this is required by law. We do not process your data automatically with the aim of evaluating specific personal aspects (profiling).

9. Do I have an obligation to provide data?

Within the scope of our Platform, you must provide the personal data that is required for technical or IT security reasons to use our Platform. Unless you provide this data, you will not be able to use our Platform.

In the context of contacting us, for example, by email, you only need to provide those personal data that are necessary for processing your request. Otherwise, we cannot process your request.

In order to use our Platform and the services provided in connection with investments and profit participation programs on the Platform, you must provide us with the personal data that is strictly necessary for the use of the Platform and the services or which we are legally obliged to collect. Without this data we are required to restrict access to our services.

10. Cookies and similar technologies

a) General
We and services that we may use on our Platform use cookies and similar technologies, such as web storage or web beacons (see below).

Cookies are stored in the user's browser on the end device. They contain information that is stored for a visited page. The cookie is either sent from the web server to the browser or generated in the browser by a script (JavaScript). The web server can read this cookie information directly on subsequent visits to this page or transfer the cookie information to the server via a script on the Platform. When cookies are set, they generally collect and process certain user information such as browser and location data as well as IP address values. Some of these cookies are essential for the functioning of our Platform, while others help us improve our Platform by providing insights into your use of the Platform.

With web storage, information is stored locally in your browser cache. The stored information is either automatically deleted after closing the browser window ("session storage") or remains in place so that it can be read again when the Platform is visited again ("local storage"), unless you delete your browser cache ("browser data").

Web beacons are 1x1 pixel-sized graphics that are integrated into websites or emails (newsletters) in various ways and also serve to collect and evaluate user data.

We store information on your end device if this is absolutely necessary to provide you with our Platform, § 25 (2) No. 2 TTDSG. Otherwise, data collection is generally only carried out with your explicit consent in accordance with § 25 (1) TTDSG. If individual cookies also process personal data, the processing is carried out in accordance with Article 6 (1) (b) GDPR to perform the contract, in accordance with Article 6 (1) (f) GDPR to safeguard our legitimate interests in the best possible functionality of the Platform and a user-friendly and effective design of the page visit, or in accordance with Article 6 (1) (a) GDPR following your consent. You have the option to withdraw your consent with effect for the future at any time via the cookie button (consent settings) at the bottom left of our Platform.

You can individually prohibit the storage of cookies through the settings of your browser (you can find out how to set the cookie treatment via the help page of the browser). Assistance with cookie management in the most common browsers can be found at the following addresses:

Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-loeschen-daten-von-websites-entfernen
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Google Chrome: https://support.google.com/accounts/answer/61416?hl=de
Opera: http://www.opera.com/de/help
Safari: https://support.apple.com/kb/PH17191?locale=de_DE&viewlocale=de_DE
Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-l%C3%B6schen-63947406-40ac-c3b8-57b9-2a946a29ae09Please note that deactivating cookies may lead to functional restrictions on the Platform.

In addition, you can deactivate cookies used for audience measurement and advertising purposes via the deactivation page for consumers in the EU https://www.youronlinechoices.com/de/praferenzmanagement/.

We inform you about the specific use of cookies and similar technologies, as well as the scope of the information collected, in the following paragraphs.

b) Consent Management
To enable you to conveniently manage your consents, you will be shown a consent banner when you first visit our website. You will have the opportunity to give your consent to consent-required services. In this context, the IP address and geographic location, opt-in and opt-out data, referrer URL, user agent, your user settings, a consent ID, and the time of consent and the type of consent are collected. Your consent settings are stored in a cookie on your end device. The validity period of the cookie is 6 months.

If you have given us your consent to set cookies and similar technologies and to process your data, you can revoke your consent at any time via the consent settings in the footer of our Platform with effect for the future.

The data collection takes place in accordance with § 25 (2) No. 2 TTDSG, the subsequent data processing in accordance with Article 6 (1) (c) GDPR, since obtaining consent for the use of cookies and similar technologies and the processing of personal data is legally required, and in accordance with Article 6 (1) (f) GDPR based on our legitimate interest in consent management.

11. Sentry

To ensure the technical stability of our Platform, we use Sentry, an analysis service provided by Functional Software, Inc. (“Sentry"). Through the service, we collect user data such as the IP address, browser and device information, as well as any steps that led to a technical error in the code (including stack trace). Bugs are reported by Sentry.io and can be analyzed. The service does not use cookies or similar technologies. Sentry processes the data on our behalf.

Data collection and data storage is carried out in accordance with Section 25 Paragraph 2 No. 1 TTDSG. The subsequent data processing is carried out in accordance with Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR on the basis of our legitimate interest in ensuring the functionality and availability of our Platform and based on our legitimate interest in efficient error monitoring, elimination and performance monitoring.

12. Registration

In order to use the services and conclude investment and profit participation contracts via the Platform, you must successfully register on the Platform and create a user account using a valid email address and/or connect your account to a Blockchain wallet.

The user's registration may require the successful completion of an identification process and the positive verification of the legal requirements for money laundering regulations (in particular the Money Laundering Act), the so-called KYC process, see point 13.

For successful registration as an investor, we also require the investor account to be activated by us and, in the case of Crowdinvesting, require approval of the liability umbrella. Our activation and an approval by the liability umbrella occurs at our and the liability umbrella’s own discretion. Only after successful completion of the KYC process and activation of the account can the user conclude investment and profit participation contracts via the Platform and acquire or receive participation rights in the form of tokens via the Platform.

a) Natural person
If you register as a natural person on our Platform, we collect your first and last name, your address and email address. We will then send you an email to the email address you provided, asking you to verify your email address and confirm registration on our Platform (so-called double opt-in procedure).

b) Legal entities or partnerships
If legal entities or partnerships register as investors in their own name and on their own account and not on behalf of a third party, in particular not as trustees, we collect data from the registered Platform user. This includes the first and last name, position in the company and email address. After entering the data, the registered user receives an email asking them to verify the email address provided and to confirm registration on our Platform (so-called double opt-in procedure).

For successful registration of a legal entity or partnership, further company information must be provided, such as the company name, a general company description, the commercial register number and company address.

13. Know-Your-Customer ("KYC") Process

As part of the registration, an identification process and a money laundering check, the so-called “KYC” process, may take place. This applies in particular to participation in a public fundraising campaign (hereinafter referred to as "Crowdinvesting"). The KYC process is intended to prevent business relationships from developing with people who are linked to, among other things, terrorism, corruption or money laundering. Another goal is to ensure compliance with applicable sanctions.

The identity check and the comparison of your data according to money laundering regulations may be carried out for Private Offers via a service provider connected to the Platform (e.g. IDnow GmbH, Munich) and for Crowdinvesting via a service provider commissioned by our liability umbrella. Further information about Idnow GmbH's identification process can be found at https://www.idnow.io/de/faq/.

In the context of us providing investment brokerage services, the liability umbrella sends us the results of its KYC checks in order for us to fulfill our legal obligations. The liability umbrella is responsible for processing your data itself. Further information can be found in the liability umbrella's data protection information at https://concedus.com/dokumentencenter/. We may also pass on the data to the fundraising company.

13.1 Identity verification

Identity verification ensures that a known natural and real live person is behind any transaction. As a primary outcome, it proves that any person is who they say they are. It is required by law and prevents one person from carrying out a transaction on behalf of another person without authorization and using fake identities to commit fraud.

We receive the identification result, which contains images of the user and the identification document.

Data processing is carried out in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR in conjunction with. §§ Sections 10, 11 para. 1 sentence 1, 12 GWG on the basis of a legal obligation to identify contractual partners, any persons acting on their behalf and beneficial owners before establishing a business relationship.

a) Natural person
For the purpose of identification, we collect the following data in accordance with Section 11 paragraphs 4 and 5 GWG: first and last name, place of birth, date of birth, nationality and a residential or postal address.

During identity verification, the user's ID and identity are checked via Auto-Ident or VideoIdent, depending on legal requirements. The identity check is carried out using a valid identification document (e.g. passport, ID card, residence permit, driving license).

As part of the identity check, the identification document is first verified. The document’s key information is read and static security checks are carried out. Biometric verification is then carried out in which the user is compared with the image of the ID document.

b) Legal entities or partnerships
For the purpose of identification, we collect the following information in accordance with Section 11 Paragraphs 4 and 5 GWG: formal legal company name or designation, legal form, registration number, if available, address of the registered office or main branch and the names of the members of the representative body or the names of the legal representatives.

For the verification, an extract from the commercial register, confirmation of the representative’s status as an authorized representative, the certificate of incorporation and a list of shareholders must be uploaded. We also need information about the shareholders who own more than 25 percent of the shares in the company. The first and last name, the respective company share, date of birth, place of birth, nationality and address are recorded.

Depending on the product, the identity check is carried out by the company or the liability umbrella, which may commission IDnow.

13.2 Sanctions list comparison

Part of the KYC process is the comparison of the actual beneficial owners with sanctions lists. We check whether the investor or beneficial owner is on sanctions lists. Sanctions lists are lists of people, groups or organizations against whom economic or legal restrictions have been imposed. No financial assets or economic resources may be made available, directly or indirectly, to those included in these lists.

As part of the sanctions list check, the name and address of the authorized person are compared with the sanctions lists. If we do not find a corresponding entry, the check is completed without any further consequences for the person concerned. If we we find a potential match, we inform the person concerned about this result and give them the opportunity to comment. A decision is then made about establishing or continuing a business relationship. If the data of the person concerned matches a data set on the sanctions list, we are obliged to report the hit to the Deutsche Bundesbank. The result of this test is recorded as evidence.

Data processing related to the comparison with sanctions lists is carried out in accordance with Article 6 Paragraph 1 Sentence 1 Letter c GDPR in order to fulfill our legal obligation to check and comply with sanctions lists.

13.3 Determination of PEP status (politically exposed persons)

According to the Money Laundering Act, as part of the general due diligence obligations in accordance with Section 10(1) no. 4 GWG, we check whether the investor or its beneficial owner is a politically exposed person (hereinafter “PEP“), a family member or a person known to be close to a PEP, see Section 1 para. 13 et seq. of the GWG. This is done as part of our KYC process.

According to Section 1 para. 12 of the GWG, any person who holds or has held a high-ranking, important public office at the international, European or national level or who holds or has held a public office below the national level whose political significance is comparable is to be regarded as a PEP.

As part of the PEP check, the name and address of the beneficiary are compared with the PEP lists. Identification as a politically exposed person, a family member of a PEP or a person known to be close to a PEP means that there is a higher risk of money laundering or terrorist financing in accordance with Section 15 of the GWG, which is why we must fulfill increased due diligence obligations in accordance with Section 15 of the GWG. In order to fulfill our due diligence obligations, additional personal data may be collected, for example in order to be able to determine the origin of the assets used as part of the business relationship.

If we have any facts that indicate that
- an asset that is related to a business relationship or a transaction comes from a criminal offense that could constitute a predicate offense of money laundering,
- a business event, transaction or asset is related to terrorist financing or
- you do not fulfill your disclosure obligation in accordance with Section 11 para. 6 sentence 3 GWG, whether you want to establish, continue or carry out the business relationship or transaction for a beneficial owner,

we are legally obliged to report suspected money laundering to the Central Office for Financial Transaction Investigations.

We reserve the right to check the PEP status at appropriate intervals during the ongoing business relationship.

The data processing is carried out in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR in conjunction with. § Section 10 para. 1 no. 4 GWG and Section 15 para. 2, 3 no. 1 GWG on the basis of a legal obligation to check and fulfill increased due diligence obligations in accordance with Section 15 GWG to combat money laundering.

13.4 Adverse-Media Check

On a case-by-case basis, part of the KYC process may include carrying out an adverse media screening of investors or their beneficial owners.

Adverse media is publicly available information that is viewed by financial institutions as relevant to financial crime risk management. The purpose of the comparison is to determine whether the high-risk data subject has been investigated for money laundering or terrorist financing in the past or whether the data subject has been subject to regulatory enforcement in the past.

The data processing is carried out in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR in conjunction with. § Section 10 para. 1 no. 4 GwG on the basis of our legal obligation to fulfill our due diligence obligations to combat money laundering and in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR on the basis of our legitimate interest in protecting ourselves against financial, legal and reputational risks.

14. User account; Linking a wallet; Conclusion of investment and participation contracts

Companies, investors and token recipients need a blockchain wallet to issue, purchase, receive and hold tokens. We have integrated a wallet infrastructure on our Platform. This gives you the option of connecting your user account to one or more wallets (e.g. MetaMask, WalletConnect, Coinbase Wallet) or having the Platform create a “virtual wallet” that is connected to your Google account. Your user account will then be linked to your wallet address or Google account and signed with your private key or Google account password.

By registering, you have the opportunity to conclude investment and profit participation contracts via our Platform and to invest in companies. You can manage the token-based investments and participations yourself in your account.

Deletion of your user account is possible at any time and can be done by sending a message to our address above. You also have the option of deleting your user account yourself by logging into the platform and using the delete function under "Account". Issued tokens and the associated smart contracts remain on the public Ethereum and/or Gnosis blockchain regardless of whether your user account still exists. If you request the deletion of your user account, we will block your data with regard to the statutory retention periods and delete it after these periods have expired, unless you have expressly consented to further use of your data or we have reserved the right to further use of your data as permitted by law, about which we will inform you accordingly below.

15. Appropriateness check

When providing investment brokerage services, we and the liability umbrella are legally obliged to assess the appropriateness of the investments for investors. As a tied agent, we are also obliged to transmit the results of the appropriateness check to the liability umbrella. The liability umbrella is separately responsible for the processing of your data. Further information can be found in the data protection information of the liability umbrella at https://concedus.com/dokumentencenter/.

In order to assess the appropriateness of the investments for you as an investor, we request information about your knowledge and experience as an investor with regard to transactions with certain types of financial instruments or investment services as part of the registration process or an individual investment. This includes information about the types of financial investments with which you are already familiar, the type, scope, frequency and period of past transactions with financial investments, as well as information about your training and professional activity. We also ask you about your assets and income. This includes estimates of your monthly income and details of your investment portfolio. This data is processed to determine your maximum investment amount. Based on the information you provide about your previous knowledge and experience with securities and investments as well as capital market products and your financial circumstances, we create an investor and financial profile.

We will only inquire about your financial circumstances to the extent that this is required as part of providing investment brokerage services or otherwise required by law, and only with the aim of providing you the resulting information required by law, but not for the purpose of providing personalized investment recommendations.

It is your choice whether or not to provide information about your financial knowledge and experience, however, without this information, the liability umbrella and we as a tied agent cannot assess whether the investments available on the Platform are appropriate for you.

The evaluation may show that your financial knowledge and experience are not sufficient to adequately assess the risks associated with the acquisition of these types of securities. If the liability umbrella and we, as part of the appropriateness check, come to the conclusion that the investments offered are or may not be appropriate for you, we will inform you accordingly. Informing you of such a decision serves merely as a warning. You still have the opportunity to invest if you choose to do so.

Data processing is carried out in accordance with Art. 6(1) sentence 1 lit. c GDPR in conjunction with Section 16 (2) FinVermV on the basis of our legal obligation to carry out an appropriateness check prior to providing investment brokerage services.

16. Setting up a Monerium account

Monerium EMI ehf., Bjargargata 1, 102 Reykjavík, Iceland (“Monerium”) operates a proprietary on-chain payment solution that automates the issuance and redemption of electronic money and facilitates automatic settlement and reconciliation.

You have the option of setting up a Monerium bank account when subscribing to certain investments on the Platform. By setting up a bank account with Monerium, you will receive a Monerium IBAN ("IBAN") that you can use to add funds for issuing e-money on the blockchain. In addition, you get the opportunity to hold electronic money in different currencies at the same time.

If you have a Monerium bank account, you can link the Monerium IBAN to your user account on this Platform.

Each IBAN is customer-specific and managed by Monerium. When funds are transferred to your IBAN account, an automatic process is initiated that issues e-money to your linked blockchain address oder “virtual wallet” linked to your Google account. You can also use your IBAN to send payments via traditional payment networks such as the Single Euro Payments Area ("SEPA"). Once you submit a send request, the corresponding value of e-money will be redeemed from your linked blockchain address or Google Account “virtual wallet”. Monerium charges for its services in accordance with the fee schedule available on the Monerium website: https://monerium.com/.

If you decide to set up a bank account with Monerium, we will transmit the result of our KYC check to Monerium in order to fulfill your legal obligations in accordance with Article 6 Paragraph 1 Sentence 1 Letter c GDPR. Monerium is responsible for processing your data. Further information can be found in Monerium's data protection information at https://monerium.com/policies/privacy-notice/.

For more information about Monerium and its services, please visit https://monerium.com/policies/business-terms-of-service/.

17. Hotjar

We use the web analytics service Hotjar of Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (“Hotjar”).

Hotjar collects information about the use of our Platform on our behalf to evaluate it, compile reports on activities within this Platform. Hotjar sets cookies on our Platform for these purposes, which are stored on your device, as well as web storage.

The following data is processed as part of web analytics: IP address and geographical location, browser and device information, and referrer URL. In addition, information about the usage behavior of our visitors on the Platform is recorded. With Hotjar, we can record your mouse and scroll movements and clicks. Hotjar can also determine how long you stayed with the mouse pointer on a specific spot. Hotjar creates so-called heatmaps from this information, which can be used to determine which areas of the Platform are preferred by the Platform user. Furthermore, we can determine how long you stayed on a page and when you left it. We can also determine at which point you abandoned your entries in a contact form (so-called conversion funnels). Hotjar creates pseudonymous user profiles. The collected data is stored for 12 months.

The data is usually transmitted to a server in the USA.

Data collection and storage are carried out in accordance with § 25 (1) TTDSG. Subsequent data processing is carried out in accordance with Article 6 (1) (a) GDPR based on your explicit consent. You can revoke your consent at any time with effect for the future in the consent settings.

For more information on Hotjar's privacy policies, please visit https://www.hotjar.com/privacy.

Last edited: 27 June 2024

We use essential cookies to make our website work. To improve and personalize your experience, we ask for your permission to use additional cookies. In some cases, the information gathered via the cookies is processed in the USA, where legal regulations concerning data privacy and processing activities differ from those in the EU and the UK.
Do you consent to the use of cookies and the associated processing of your personal data in the EU and the USA?
For more information on cookies and data protection, see our Privacy Notice. You can select or change your own cookie settings or withdraw your consent anytime by clicking on "Customize".

We’re always a DM away.

Do you want to learn more about Tokenize.it?
Get in touch now!

Take the first step towards streamlining equity management with our cutting-edge platform. Schedule a quick call to learn more.