Privacy Policy
This Privacy Policy explains what personal information we collect, how we use this information and what rights you have as a data subject. DVX Networks GmbH, located at Teerhof 59, 28199 Bremen, Germany, is responsible for data processing in accordance with this policy. If you have any questions or concerns, you can contact us by email at info@metacharts.io or use the contact form provided on our website. Detailed contact information can be found in the imprint of our website. A data protection officer has been appointed and can be contacted via the email or postal address provided. This policy applies to the websites operated by Metacharts. Access to our websites is restricted to persons who are at least 18 years old. The use of these websites requires the provision of personal data. When processing this data, we strictly observe the provisions of data protection law, in particular those of the General Data Protection Regulation (GDPR). Personal data includes all information relating to an identified or identifiable natural person. You can view, save or print out the content of this privacy policy at any time using the corresponding function of your browser. This privacy policy applies to the use of the metacharts.io website and to the purchase of NFTs (non-fungible tokens) via this platform. Metacharts acts in its capacity as controller pursuant to Article 4(7) of the GDPR.
1. Data that we process
The data that we process is, on the one hand, data that you provide on the site and, on the other hand, data that is generated when you use the site.
2. Data processing activities
Metacharts processes the following personal data for the following purposes:
2.1.1 In order to provide you with the Site (Art. 6(1)(b) GDPR) and to detect, prevent and investigate attacks on the Site (Art. 6(1)(f) GDPR), we process the following personal data:
- URL;
- Date and time of your access to the website;
- Name and version of the browser;
- Browser type and settings;
- Operating system; and
- Referral URL.
Your data is processed on the basis of Article 6(1)(b) of the GDPR, which permits data processing for the initiation or performance of a contract of use. The log files are also used to ensure the security and functionality of our website and to statistically evaluate its use. We base this on our legitimate interest in the secure and efficient operation of our website in accordance with Article 6(1)(f) of the GDPR. Your interests are protected by measures such as anonymization and regular deletion of data. For more information on cookies and log files, please refer to the explanations below.
2.1.2 Metacharts' legitimate interest is to be able to detect, prevent and investigate attacks on the website and thus prevent damage to Metacharts and its users.
2.1.3 We store the aforementioned personal data for as long as it is necessary to enable you to access our website or to assert or defend against legal claims. In addition, we store your data in order to comply with statutory retention obligations.
2.1.4 The provision of the above-mentioned personal data is necessary for the use of the website. If you do not provide this personal data, you will not be able to use the website.
2.1.5 The processing of your personal data mainly serves the operation of our website and the provision of the services that we offer you through it. We process personal data only to the extent necessary for the initiation and execution of contracts, the provision and improvement of our website. Processing is only carried out as set out in this statement, confirmed by separate consent, stipulated by official or court orders or required by law. The data mentioned in this statement will be processed for the purposes stated in each case on the basis of the legal bases stated in each case. Your data will be sent encrypted by your browser via the Internet and processed on servers operated by us or for us in Germany or at least within the European Economic Area (EEA). Data is not transferred to third countries or international organizations. In addition, there is no automated decision-making including profiling in accordance with Article 22 of the GDPR.
2.1.6 Cookies
Our website uses cookies, which are small text files or database entries that are stored by your browser. This data is only accessible to the website that stored it. Cookies improve the user-friendliness and security of websites. For security-critical data, we primarily use so-called session cookies. These ensure that no one else can access the data you enter in forms or your user account. Session cookies are deleted after your visit as soon as you close your browser. The cookies used on our platform do not cause any damage to your computer and do not contain any viruses. You have the option of preventing the storage of cookies in your browser settings. Please note, however, that this may mean that not all functions of the site can be used to their full extent. This also applies to the deletion of cookies that have already been saved.
2.1.7 Log file
To ensure the security and functionality of our website, we create access logs (log files) on our servers. These logs contain data about every access to the site that your browser transmits to our server when a connection is established. This data includes your IP address, which is shortened before being saved, the time of access, the address (URL) accessed, whether the access was successful and the data volume of the transmission. If your browser transmits additional data such as the previously visited page (referrer) and information on the operating system and browser used, this will also be recorded unless you deactivate this transmission in the browser settings. The log files are deleted regularly, at the latest after one week. Before deletion, the data can be statistically evaluated, whereby this evaluation does not allow any conclusions to be drawn about your person. All logged data is stored separately from any personal data you may have provided and is not merged with it.
2.1.8 Contact / e-mail
We need your e-mail address to set up your user account. We use the double opt-in procedure to check the authenticity of this address. Our servers will send you an email with a confirmation link that you can use to verify your email address. This e-mail is sent in encrypted form if your e-mail service supports this. As part of this process, we store not only your e-mail address but also the time and IP address of your registration and confirmation as well as the confirmation link. This data is treated in the same way as the master data of your user account and processed on the same legal basis; it is deleted together with the master data at the latest.
If you contact us via a contact form, the data you provide will be encrypted and transmitted to us by e-mail via our servers and used exclusively to process your request. Responses to your inquiries are also sent in encrypted form, provided your email service supports this. After final processing of your inquiry, we will delete the personal data provided by you via the contact form or in a reply communication.
The legal basis for data processing, when it comes to your registration or a user account, is the initiation or fulfillment of a user contract in accordance with Article 6 (1) (b) of the GDPR. In other cases, the processing is based on our legitimate interest in contacting users of our website and enabling them to contact us in accordance with Article 6(1)(f) of the GDPR.
2.1.8 Protective measures
We take appropriate technical and organizational security measures, taking into account the nature, scope, circumstances and purposes of the data processing and the risks to your rights and freedoms. These measures are designed to ensure compliance with legal regulations and are always updated in line with the latest state of the art. The measures include, in particular, the encryption of your data. In addition, personal data is managed separately from other data in organizational terms.
The facilities and systems used for data processing are protected both physically and digitally against unauthorized access. Our servers are password-protected and can only be accessed via encrypted connections. To further strengthen security, we carry out regular tests and continuously update our software to close potential security gaps.
Only authorized persons (our employees) are granted access to personal data, and only to the extent necessary to perform their work tasks. All employees are trained in the handling of personal data and are obliged to maintain confidentiality. In addition, regular backups protect the data from loss and enable it to be restored if necessary.
The default settings of our systems ensure that only the personal data necessary for the respective processing purpose is processed, thereby complying with the principles of data minimization. Our technical and organizational measures also guarantee the confidentiality, integrity, availability and resilience of the systems. We regularly check compliance with data protection regulations and adapt the measures if necessary.
2.1.9 How long we process your data
If no purchase contract is concluded, we will delete your data at the end of the user contract or after failed contract negotiations. If you conclude a Premium Membership, your profile data will also be deleted at the end of the user contract. The processing of your master data and contract data will be restricted at this time, i.e. they will only be stored and no longer actively processed for the dating site.
The final deletion of your data takes place after expiry of the retention periods under tax and commercial law, which can be up to 10 years, as well as after expiry of the limitation periods for reciprocal claims arising from the contract, which - if no claims are in dispute - expire no later than three years after the end of the year in which the contract was concluded. In addition, data in log files is deleted after one week at the latest and data in session cookies is automatically deleted at the end of the session.
Please note that data can only be deleted if it is no longer required to comply with legal regulations or to assert, exercise or defend legal claims. You also have the right to erasure of your data, which you can assert at any time as long as the above conditions are met.
2.1.10 After a purchase has been completed, your payment data may be passed on to a payment service provider in order to process the payment transaction, in particular to collect the agreed usage fee via your chosen payment method. This transfer is based on the same legal basis as the collection of payment data, namely contract processing in accordance with Article 6(1)(b) of the GDPR.
We may also have our Internet servers operated by external service providers, whereby the servers are operated on our behalf. The legal basis for this data processing by the service provider is an order processing contract in accordance with Article 28 GDPR. As already mentioned, the servers are generally located in Germany and all data transmission is encrypted so that external service providers do not have access to your personal data.
We may also commission external service providers such as tax consultants for accounting, tax matters and customer support. It may be necessary to pass on your contract data to these service providers. Data processing by the service provider is also carried out on the basis of an order processing contract in accordance with Article 28 GDPR. If the transfer of your data is necessary to fulfill legal obligations, this is based on Article 6 (1) (c) of the GDPR. Otherwise, the transfer of data is based on our legitimate interest in properly and economically fulfilling our legal and contractual obligations (Article 6(1)(f) of the GDPR).
In exceptional cases, your data may also be passed on to third parties in order to enforce or defend legal claims, for example by legal service providers such as debt collection agencies or lawyers. The purpose of this disclosure is the assertion, exercise or defense of legal claims, in particular if you assert claims against us or we wish to assert claims against you. Here, too, the disclosure is based on our legitimate interest in defending ourselves against claims or pursuing them (Art. 6 para. 1 letter f of the GDPR). All third parties to whom your data is passed on are also obliged to protect data and must comply with the provisions of the GDPR.
2.2 Purchase of NFT
2.2.1 In order to enable you to purchase NFTs, we process the following personal data (Art. 6(1)(b) GDPR)
- a. Your first and last name;
- b. Your e-mail address;
- c. Your wallet address;
- d. Time of the purchase.
2.2.2 For the aforementioned purpose, we retain the personal data concerned for as long as necessary to process the purchase transaction, as well as to pursue or defend against legal claims or to comply with statutory retention obligations.
2.2.3 We store the aforementioned personal data for as long as is necessary to respond to the request.
2.2.4 The provision of the above personal data is necessary for you to purchase “NFT”. If you do not provide this personal data, you will not be able to purchase NFT.
2.3 Marketing communications
2.3.1 In order to provide you with information about Metachart's products and services, we process the following personal data (Art. 6(1)(a) GDPR):
- Your e-mail address;
- Your wallet address.
2.3.2 We store your personal data for the above-mentioned purposes until you withdraw your consent. The withdrawal of your consent does not affect the lawfulness of the data processing that has taken place on the basis of your consent up to the time of withdrawal.
2.4.3 The provision of your personal data for marketing purposes is voluntary. If you decide not to provide this data or not to give your consent to the use of your data for marketing purposes, you will not receive any marketing material from us.
2.5 Use of cookies and social plug-ins
2.5.1 Universal analytics
a. Our website uses Universal Analytics, a web analytics service provided by Google LLC, Google Ireland Ltd. or other companies that either directly or indirectly control, are controlled by, or are under common control with Google LLC. Universal Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site.
b. We process your data on the basis of your consent (Art. 6(1)(a) GDPR). We store the above-mentioned personal data until you withdraw your consent. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.
c. In order to analyze your use of the website and compile anonymous statistics, the following personal data is processed by Google on our behalf:
- - Time spent on the website;
- - time spent on each individual page and the order in which the individual pages are visited
- - which internal links you click on when visiting the website;
- - Previously visited websites;
- - First page viewed;
- - IP address;
- - Geographic location;
- - Browser (including plug-ins) and operating system;
- - Screen resolution and whether Flash or Java is installed in the user's browser.
d. As part of our use of Universal Analytics, the data about your website usage is transferred on our behalf to Google servers located in the USA and stored there. Our website also activates the IP anonymization function offered by Google Analytics. This means that your IP address will be shortened by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before it is transmitted to the USA. This happens as soon as Google receives your IP address. Further information on IP anonymization can be found at https://support.google.com/analytics/answer/2763052?hl=de
3 Recipients and data transmitters
3.1 We use processors who provide certain services for us. These processors may only process the data transferred to them in accordance with our instructions and only to the extent necessary for the provision of these services. In addition, we conclude contractual agreements with all our processors that oblige them to maintain the confidentiality and security of the personal data processed. These measures ensure that the data is processed in accordance with our data protection standards and legal requirements.
3.2 The level of data protection in countries outside the European Economic Area (EEA) may differ from that within the EEA. If we transfer your personal data to such countries, we will ensure that an adequate level of data protection is guaranteed. We achieve this by only transferring your data to countries for which the European Commission has officially determined an adequate level of data protection or by taking additional protective measures. One of these measures is the conclusion of standard contractual clauses, which have been approved by the European Commission, with the recipients of your data in third countries. We can provide you with copies of these standard contractual clauses on request. Please contact us using the contact details above for more information or to request a copy of the contractual clauses.
4. your rights
If your personal data is processed by us, you have certain rights vis-à-vis the data controller in accordance with the applicable data protection regulations. You can assert these rights with us at any time. To exercise your rights or if you have any questions about data protection on our website, you can contact us using the contact details listed at the beginning of this privacy policy and in the legal notice. We are at your disposal for any concerns or information on data protection.
4.1 Right of withdrawal
In accordance with Art. 7 para. 3 GDPR, you have the right to withdraw your consent to data processing at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
4.2 Right to object
In accordance with Art. 21 GDPR, you have the right to object to the processing of your personal data at any time. This also applies in particular to an objection to processing for the purpose of direct marketing.
4.3 Right to lodge a complaint
In accordance with Article 77 of the General Data Protection Regulation (GDPR), you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates data protection regulations. In this case, the competent supervisory authority at the registered office of the controller is the State Commissioner for Data Protection and Freedom of Information (LDI) for Bremen. The full contact details and further information can be found on their website at https://www.datenschutz.bremen.de. Your right to lodge a complaint with another supervisory authority remains unaffected by this. In addition, you also have the option of seeking further administrative or judicial remedies independently of a complaint to a supervisory authority.
4.4 Right to information
In accordance with Art. 15 GDPR, you have the right to request information from us. In addition to further information, most of which you can already find in this declaration, the right of access includes in particular the right to a copy of your personal data that is the subject of processing. The restrictions under Section 34 BDSG also apply to the right of access.
4.5 Right to rectification
In accordance with Article 16 of the General Data Protection Regulation (GDPR), you have the right to request the immediate rectification of inaccurate personal data concerning you. This means that you can request the correction of incorrect information that we have stored about you. In addition, taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data. This can be done by submitting a supplementary statement containing the missing information. If you wish to make use of these rights, you can contact us at any time to arrange for appropriate adjustments or additions to your data.
4.6 Right to erasure
In accordance with Art. 17 GDPR, you have the right to request that we erase personal data concerning you. If the data does not have to be erased, you may request that further processing be restricted. In addition, the restrictions under Section 35 BDSG apply to the right to erasure. The right to erasure includes the so-called right to be forgotten.
4.7 Right to restriction
In accordance with Art. 18 GDPR, you have the right to demand that we restrict the processing of your personal data. After this, the data - apart from its storage - may no longer be processed.
4.8 Right to data portability
In accordance with Art. 20 GDPR, you have the right to the portability of personal data concerning you that you have provided to us. Your right to erasure remains unaffected.
4.9 Obligation to notify
In accordance with Article 19 of the General Data Protection Regulation (GDPR), we are obliged to inform all recipients to whom your personal data has been disclosed of any rectification, erasure or restriction of processing of your data. This is done to ensure that all those who have had access to your data are also informed of its most up-to-date status, provided this is technically feasible and does not represent a disproportionate effort.
If you would like information about which recipients have been informed about changes in the processing of your personal data, you can request such information from us. We will inform you accordingly about these recipients. This ensures transparency and gives you the opportunity to effectively monitor and enforce your rights.