Privacy Policy
English version – for information only. German version prevails.
We, Dwinity Media GmbH, Am Haag 8, 82166 Gräfelfing, Germany (hereinafter referred to as Dwinity), inform you here about the processing of personal data for which we are responsible within the meaning of the EU General Data Protection Regulation (GDPR). In addition to the option of contacting us by post, you can also contact us at any time via .
We have compiled the most important information on data processing for you below. Where the term “data” is used in the text, this refers solely to personal data within the meaning of the GDPR.
1. users of the website
1.1 Server log data
When using the website, certain information is sent to the server of our website by the browser used on the end device for technical reasons. This data is stored and processed on our server.
(i) The purposes of data processing are to provide the website content you have accessed, to ensure security and stability and to statistically evaluate and technically optimize the website. There are no plans to change these purposes.
(ii) The processed data is HTTP data: HTTP data is protocol data that is generated for technical reasons when the website is accessed via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), the set language, date and time of access. HTTP(S) data is also collected on the servers of our service providers (e.g. when accessing third-party content).
(iii) The legal basis for the processing is our legitimate interest in operating the website and ensuring stability and quality (Art. 6 para. 1 lit. f GDPR and Section 25 para. 2 no. 2 TTDSG).
(iv) The data is automatically provided by the user’s browser. It is determined by a pixel or a log file. No cookies are set.
(v) The recipients of the personal data are IT service providers that we use as part of an order processing agreement. Please refer to the list at https://dwinity.com/dienstleister/ for the service providers we currently use and their role under data protection law.
(vi) IP addresses are anonymized after 24 hours at the latest. Usage data is deleted after 8 weeks for system-related reasons.
(vii) It is not possible to use the website without disclosing personal data. Communication via the website is not technically possible without providing data.
1.2 Technically required cookies
We use cookies on the website. Cookies are small text files that can be stored on the respective end device via the browser when the website is visited. When the website is called up again with the same end device, we can read and process the information stored in cookies. In doing so, we use the processing and storage functions of the end device’s browser and collect information from the end device’s browser memory.
In the structure of this data protection notice, we differentiate between technically necessary cookies and statistics cookies. Cookies that are technically necessary for the function of the website cannot be deactivated via the cookie management function of this website. However, cookies can generally be deactivated in the respective browser at any time. Different browsers offer different ways to configure the cookie settings in the browser. However, we would like to point out that some functions of the website may not work or may no longer work properly if cookies are generally deactivated in the respective browser.
a) Consent cookies
We use consent cookies to store the consents, possible revocations of consents and objections of the users of our website against the use of cookies on our website.
(i) The purpose of data processing is to store user decisions regarding cookies (consent, revocation, opt-out). There are no plans to change the purposes.
(ii) The processed data are
- HTTP data
HTTP data is protocol data that is generated for technical reasons when the website is accessed via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access. - Decisions on cookies:
Decision on individual cookies or groups of cookies, time of decision and last visit.
(iii) The legal basis for the processing is our legitimate interest in the simple and reliable control of cookies in accordance with the respective decision (Art. 6 para. 1 lit. f GDPR and § 25 para. 2 no. 2 TTDSG).
(iv) The data is actively provided by you (decision on cookies) or automatically by your browser (log data, time stamp).
(v) Please refer to the list at https://dwinity.com/dienstleister/ for the service providers we currently use and their role under data protection law.
(vi) The decision with regard to cookies is stored for 182 days.
(vii) It is not possible to use the website without disclosing personal data. Communication via the website is not technically possible without providing data.
b) Google Tag Manager
Google Tag Manager is a tool that enables us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, the Google Tag Manager records your IP address. It is possible that Google may also use the IP address collected via our website for its own purposes or for the purposes of other Google customers (e.g. to display individualized third-party advertisements). Such further processing of the data and the processing of the data after it has been transmitted by us to Google is carried out by Google as the sole controller under data protection law. In this context, Google, as the sole controller under data protection law, may store data about you in the USA. The European Court of Justice has ruled that the USA is a country with an inadequate level of data protection. In this context, there is a particular risk that your data will be processed by American institutions/authorities for control and monitoring purposes without you having sufficient legal recourse against this.
(i) The purpose of data processing is to control the display of statistics cookies on our website and to ensure the security of the application. There are no plans to change the purposes.
(ii) The processed data is HTTP data. This is protocol data that is generated via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons. This includes IP address, type and version of your Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access. HTTP(S) data is also collected on servers of service providers (e.g. when accessing third-party content). Your IP address is automatically anonymized during processing.
(iii) The legal basis for the processing is our legitimate interest in the simple and reliable control of cookies and the legally compliant presentation of the cookie notice text (Art. 6 para. 1 lit. f GDPR, § 25 para. 2 Alt. 2 TTDSG).
(iv) The data is automatically provided by the user’s browser.
(v) The recipient of the data within the scope of order processing is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. In the event of disruptions and malfunctions, Google may also access the servers in Germany from so-called third countries such as the USA in order to carry out maintenance work. The EU standard contractual clauses (2021/914) have been concluded (Art. 46 para. 2 lit. c GDPR). You can request a copy of the main contractual contents of the EU standard contractual clauses at any time. Google is also certified in accordance with the EU-US Data Privacy Framework (Art. 45 GDPR).
(vi) Usage data is deleted after 9 or 18 months due to the system.
(vii) The provision of data is not required by law or contract or necessary for the conclusion of a contract. There is no obligation to provide the data. If the data is not provided, we will not be able to use the Google Tag Manager.
1.3 Statistics cookies and advertising
The user’s consent is required for the use of statistics cookies. Consent is given by means of a so-called “cookie banner”: When you visit our website, we display our cookie banner. In our cookie banner, users can give their consent to the use of all cookies requiring consent on this website by clicking on the “Allow all” button. Without such consent, the cookies requiring consent will not be activated. By clicking on the “Reject all” button, the use of cookies requiring consent can also be completely rejected. The user’s decision is stored in a cookie. Alternatively, they have the option of clicking on the Cookie settings button to access our “cookie board”. In the cookie board, you can make an individual selection of cookies and customize them at a later date. We store the respective cookie settings in the form of a cookie on the user’s end device in order to determine whether they have already made cookie settings when they visit the website again.
Google Analytics
If the relevant consent has been given, we use the web analysis tool Google Analytics on our website. With the help of Google Analytics, we can examine user behavior on our website in pseudonymized form.
Users can deactivate data processing by Google Analytics at any time in our cookie board. Alternatively, Google Analytics cookies can be deactivated for the browser currently used by the respective user by deactivating the storage of cookies in the browser settings.
(i) The purposes of data processing are the analysis of user behavior and the measurement of reach on our website and of advertisements placed to optimize our website. There are no plans to change the purposes.
(ii) The processed data are
- Google Analytics HTTP data:
This is log data that is generated for technical reasons when using the web analysis tool Google Analytics used on the website via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access. - Google Analytics end device data:
Data generated by the web analysis tool Google Analytics and assigned to your end device: This includes a unique ID for (re)recognizing returning users (so-called “client ID”), as well as certain technical parameters for controlling data collection for web analytics. - Google Analytics measurement data:
Device-related raw data (so-called “dimensions” and “measurement data”) that is collected and analyzed when our website is used: This primarily includes information about the sources through which the user reaches our website, information about the location, the browser used and the end device used, information about the use of the website (in particular page views, frequency of visits and time spent on pages accessed), as well as information about the fulfillment of certain goals (e.g. transactions in the online store or downloads and registrations). The data is assigned to the client ID assigned to your end device. As a result, device-related usage profiles are created in which all device-related raw data is combined into a client ID. The data that we collect using Google Analytics does not enable us to identify you personally (i.e. by your real name). We also do not combine the device-related raw data and the resulting device-related usage profiles with data that directly identifies you personally without your consent. Furthermore, we can use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modeling approaches to supplement the data records collected and uses machine learning technologies for data analysis. Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). - Google Analytics report data:
Data contained in aggregated segment- and device-related reports that are created based on the analysis of the raw device-related data.
(iii) The legal basis for processing is consent (Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TTDSG).
(iv) The data is automatically provided by the user’s browser.
(v) The recipient of the data as part of order processing is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. In the event of disruptions and malfunctions, Google may also access the servers in Germany from so-called third countries such as the USA in order to carry out maintenance work. The EU standard contractual clauses (2021/914) have been concluded (Art. 46 para. 2 lit. c GDPR). You can request a copy of the main contractual contents of the EU standard contractual clauses at any time. Google is also certified in accordance with the EU-US Data Privacy Framework (Art. 45 GDPR).
(vi) In addition, as a precautionary measure, we have obtained the consent of users via the cookie banner (Art. 49 para. 1 lit. a GDPR). You can revoke your consent at any time with effect for the future via the Cookie settings button on the cookie board.
(vii) The data will be deleted after 2 months.
(viii) The provision of data is not required by law or contract. If the data is not provided, we will not be able to analyze user behavior using Google Analytics.
Google Ads
The website operator uses Google Ads. Google Ads is an online promotional program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to display ads in the Google search engine or on third-party websites, if the user enters certain search terms into Google (keyword targeting). It is also possible to place targeted ads based on the user data Google has in its possession (e.g., location data and interests; target group targeting). As the website operator, we can analyze these data quantitatively, for instance by analyzing which search terms resulted in the display of our ads and how many ads led to respective clicks.
The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. You may revoke your consent at any time.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://business.safety.google/controllerterms/.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.
Google Ads Remarketing
This website uses the functions of Google Ads Remarketing. The provider of these solutions is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
With Google Ads Remarketing, we can assign people who interact with our online offering to specific target groups in order to subsequently display interest-based advertising to them in the Google advertising network (remarketing or retargeting).
Moreover, it is possible to link the advertising target groups generated with Google Ads Remarketing to device encompassing functions of Google. This makes it possible to display interest-based customized advertising messages, depending on your prior usage and browsing patterns on a device (e.g., cell phone) in a manner tailored to you as well as on any of your devices (e.g., tablet or PC).
If you have a Google account, you have the option to object to personalized advertising under the following link: https://adssettings.google.com/anonymous?hl=de.
The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. You may revoke your consent at any time.
For further information and the pertinent data protection regulations, please consult the Data Privacy Policies of Google at: https://policies.google.com/technologies/ads?hl=en.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.
Google Conversion-Tracking
This website uses Google Conversion Tracking. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
With the assistance of Google Conversion Tracking, we are in a position to recognize whether the user has completed certain actions. For instance, we can analyze the how frequently which buttons on our website have been clicked and which products are reviewed or purchased with particular frequency. The purpose of this information is to compile conversion statistics. We learn how many users have clicked on our ads and which actions they have completed. We do not receive any information that would allow us to personally identify the users. Google as such uses cookies or comparable recognition technologies for identification purposes.
The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. You may revoke your consent at any time.
For more information about Google Conversion Tracking, please review Google’s data protection policy at: https://policies.google.com/privacy?hl=en
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.
Use of Hotjar
We utilize Hotjar to gain a deeper understanding of our users’ needs and to enhance our service. Hotjar is a technology service that helps us analyze user behavior on our website by creating heatmaps and recording sessions. This information enables us to improve the user experience.
The provider of this service is Hotjar Ltd. (“Hotjar”), Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian’s STJ 3141, Malta.
Data Collected by Hotjar
Hotjar may collect the following information:
- User interactions on the site, such as clicks, taps, and scrolling behavior.
- Non-personal information about the browser, device, and operating system.
- Geographical location (country only) based on the IP address.
- Preferred language used to display our website.
Hotjar does not collect any personally identifiable information (PII) or sensitive data.
Hotjar’s commitment to customer’s privacy rights and appropriate use of their data:
https://help.hotjar.com/hc/en-us/sections/360007966773-Data-Privacy
Use of Hotjar Cookies
Hotjar uses cookies to collect non-personal information, including standard internet log information and details of your behavioral patterns upon visiting our site. This is done to provide you with a better experience, identify preferences, diagnose technical problems, analyze trends, and generally help improve our website.
List of cookies set by the Hotjar Tracking Code:
https://help.hotjar.com/hc/en-us/articles/6952777582999-Cookies-Set-by-the-Hotjar-Tracking-Code#tracking_code_cookies
In addition, as a precautionary measure, we have obtained the consent of users via the cookie banner (Art. 49 para. 1 lit. a GDPR). You can revoke your consent at any time with effect for the future via the Cookie settings button on the cookie board.
1.4 Protection against cyber attacks
We use cyber security tools to protect our website from cyber attacks of all kinds.
(i) The purpose of data processing is to protect our website from unwanted access or malicious cyber attacks. There are no plans to change the purposes.
(ii) The data processed includes your IP address, the time and source of login attempts and log data (e.g. the browser used).
(iii) The legal basis for the processing is our legitimate interest in protecting our website as effectively as possible against cyberattacks (Art. 6 para. 1 lit. f GDPR).
(iv) The data is automatically provided by the user’s browser.
(v) Please refer to the list at https://dwinity.com/dienstleister/ for the service providers we currently use and their role under data protection law.
(vi) The data will be deleted after 60 days.
(vii) The provision of data is not required by law or contract. If data is not provided, we will not be able to use the tools.
1.5 When contacting us by e-mail, telephone, fax or contact form
If you contact us by e-mail, telephone, fax or contact form, we will store and process your request, including all personal data resulting from it, for the purpose of processing your request. We will not pass on this data without your consent.
(i) The purpose of the processing is the preparation and execution of a contractual relationship or other communication. There are no plans to change the purposes.
(ii) The processed data are name, contact details, communication content, time and technical metadata of the communication.
(iii) In the case of contracts with natural persons, the legal basis for processing your data is the initiation of a contract or the contract itself (Art. 6 para. 1 lit. b GDPR), in the case of contracts with legal entities, our legitimate interest in communicating with the contact persons relevant to the contract (Art. 6 para. 1 lit. f GDPR), and always legal obligations, in particular tax and commercial law regulations (Art. 6 para. 1 lit. c GDPR). In the case of pure communication, the legal basis is our legitimate interest in the documentation of communication processes (Art. 6 para. 1 lit. f GDPR).
(iv) The contact details are actively provided by you. The communication metadata and communication data are collected automatically.
(v) Contact and contract data may be transmitted to other service providers, business partners, offices and authorities if this is necessary for the execution of the contract or order. We also use service providers as part of order processing for the provision of services, in particular for the provision, maintenance and servicing of IT systems. Please refer to the list at https://dwinity.com/dienstleister/ for the service providers we currently use and their role under data protection law.
(vi) The data of contractual partners and service providers will be deleted ten calendar years after termination of the contract or order. Inquiries and pure communication will be deleted once the purpose (e.g. completed processing of your request) no longer applies.
(vii) The processing of data is necessary for establishing contact. Communication is not possible without providing data.
1.6 Newsletter subscription and delivery
(i) Newsletter data
If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. No further data is collected, or only on a voluntary basis. We use the newsletter service providers described below to process the newsletter.
(ii) Mailjet
This website uses Mailjet to send newsletters. The provider is Mailgun Technologies Inc, 112 E Pecan Sr #1135, San Antonio, Texas 78205, USA.
Mailjet is a service with which, among other things, the sending of newsletters can be organized and analyzed. The data you enter for the purpose of subscribing to the newsletter is stored on Mailjet’s servers.
(iii) Data analysis by Mailjet
With the help of Mailjet, we are able to analyze our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links have been clicked on. In this way, we can determine, among other things, which links were clicked on particularly often.
We can also see whether certain previously defined actions were carried out after opening/clicking (conversion rate). For example, we can see whether you have made a purchase after clicking on the newsletter.
Mailjet also enables us to divide newsletter recipients into different categories (“clustering”). The newsletter recipients can be subdivided according to age, gender or place of residence, for example. In this way, the newsletters can be better adapted to the respective target groups.
If you do not wish to be analyzed by Mailjet, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message
Detailed information on the functions of Mailjet can be found at the following link: https://www.mailjet.de/funktion/.
You can find Mailjet’s privacy policy at
https://www.mailjet.de/sicherheit-datenschutz/.
(iv) Legal basis
Data processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission.
You can find details here: https://www.mailjet.de/av-vertrag/.
(v) Storage period
The data you provide us with for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this.
After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.
(vi) Order processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
1.7 Activity Tracking
In case you take part in activity based interactions e.g. airdrops and preparation activities thereof, your data will be processed by Gleam. You find all relevant privacy statements here: https://gleam.io/privacy
Dwinity will retrieve personal data from gleam as name, email and wallet address under the ruler of a DPA for the allocation of activity based token.
1.8 Note on social media links
We also link offers from other partners and service providers (e.g. Facebook, LinkedIn) on our website. Any content is not integrated on our website. Clicking on the link will take you to the website of the respective company. The processing of your personal data there is then the responsibility of that company. Details on the processing of personal data can be found in the data protection notices on the respective websites.
2 Rights of data subjects and further information
(i) We do not use automated individual decision-making procedures.
(ii) There are no plans to change the aforementioned purposes.
(iii) If your personal data is incorrect or incomplete, you have a right to rectification and completion.
(iv) You can request the deletion of your personal data at any time, unless we are legally obliged or entitled to continue processing your data.
(v) If the legal requirements are met, you can request that the processing of your personal data be restricted.
(vi) You have the right to object to the processing if the data processing is carried out for the purpose of direct advertising or profiling.
(vii) If the processing is based on a balancing of interests, you can object to the processing by stating reasons that arise from your particular situation.
(viii) If the data processing takes place on the basis of your consent or within the framework of a contract, you have the right to transfer the data provided by you, provided that this does not affect the rights and freedoms of other persons.
(ix) If we process your data on the basis of a declaration of consent, you have the right to revoke this consent at any time with effect for the future. The processing carried out prior to a revocation remains unaffected by the revocation.
(x) You also have the right to lodge a complaint with a data protection supervisory authority at any time if you are of the opinion that data processing has taken place in breach of applicable law.
Status: November 2024