Privacy Policy of 21X AG
21X AG, headquartered in Frankfurt am Main, Germany, is committed to protecting the privacy of its users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services. We operate in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
1. Information We Collect
We collect various types of information in connection with the services we provide, which include operating a DLT trading system and managing crypto securities registers.
- Personal Data You Provide: When you interact with our online platform, particularly through our contact form, we collect personal information you voluntarily provide. This may include your name, email address, and any message content.
- Technical Data: As you navigate our site, we may automatically collect certain technical information. This can include your IP address, browser type, operating system, referring URLs, and device identifiers. This data is primarily used for site optimization and security.
- Usage Data: We may collect information about how you use our site, such as pages viewed, time spent on pages, and clickstream data. This helps us understand user behavior and improve the user experience.
2. How We Use Your Information
We use the collected information for various purposes:
- To Provide and Maintain Our Services: This includes operating our DLT trading system and managing crypto securities registers securely and efficiently.
- To Respond to Your Inquiries: If you use our contact form, we will use your provided details to communicate with you regarding your questions or requests.
- For Security and Fraud Prevention: To protect our online platform and users from fraudulent activities and unauthorized access.
- For Analytics and Improvement: To understand how our site is used and to make improvements to its functionality and content.
- To Comply with Legal Obligations: Including our regulatory requirements as a Wertpapierinstitut authorized by BaFin (BaFin-ID: 40034974, Bak Nr.: 162185).
3. Legal Basis for Processing Personal Data
We process your personal data based on the following legal grounds as per GDPR:
- Consent (Art. 6(1)(a) GDPR): Where you have given explicit consent for the processing of your personal data for one or more specific purposes, such as when submitting an inquiry via our contact form.
- Performance of a Contract (Art. 6(1)(b) GDPR): Where processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.
- Legal Obligation (Art. 6(1)(c) GDPR): Where processing is necessary for compliance with a legal obligation to which 21X AG is subject, for example, regulatory requirements imposed by BaFin.
- Legitimate Interests (Art. 6(1)(f) GDPR): Where processing is necessary for the purposes of the legitimate interests pursued by 21X AG or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms. This includes improving our services and ensuring the security of our online platform.
4. Disclosure of Your Information
We do not sell, trade, or otherwise transfer your personally identifiable information to outside parties without your consent, except in the following situations:
- Service Providers: We may share your data with trusted third-party service providers who assist us in operating our online platform, conducting our business, or serving our users, so long as those parties agree to keep this information confidential and comply with data protection regulations.
- Legal Requirements: We may disclose your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our or others' rights, property, or safety, including to BaFin or other relevant regulatory bodies.
5. Data Retention
We retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy, or as required by legal or regulatory obligations. The retention period for specific types of data depends on the context and purpose of the processing.
6. Your Data Protection Rights (GDPR)
Under GDPR, you have the following rights regarding your personal data:
- The Right to Access: You have the right to request copies of your personal data.
- The Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
- The Right to Erasure: You have the right to request that we erase your personal data, under certain conditions.
- The Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
- The Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions.
- The Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
- The Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw your consent at any time.
To exercise any of these rights, please contact us using the details provided below.
7. Security of Your Information
We implement appropriate technical and organizational security measures designed to protect the security of any personal information we process. However, please remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
8. External Links
Our online platform may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third-party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
9. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We encourage you to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
10. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:
- 21X AG
- Frankfurt am Main, Germany
- BaFin-ID: 40034974
- Bak Nr.: 162185
Further contact details can be found on our main website.