Data Protection Declaration
Last update: 17.06.2022
Iknaio Cryptoasset Analytics GmbH (“ we “) operates the website https://www.ikna.io/ (“ Website “) as well as various social media profiles and is the controller under data protection law for any and all data processing operations outlined subsequently. This Data Protection Declaration covers
(i) the above-mentioned Website and
(ii) all social media presences outlined under clause4 (collectively “ Social Media Presences “).
Thank you for your interest in our Website and/or our Social Media Presences. The protection of your privacy is very important to us and we would like to inform you accordingly about your rights and opportunities in order to effectively support a trusting business relationship. Our data protection practice is in accordance with the General Data Protection Regulation of the European Union (“ GDPR “) in conjunction with the Austrian Data Protection Act (“ DSG “), the Austrian Telecommunications Act 2003 (“ TKG “) and other relevant legal provisions.
Data protection laws are generally relevant in case any processing of personal data is concerned. The terms used within the scope of this data protection declaration are defined in and by the GDPR. As such, the broad definition of “processing” of personal data means any operation or set of operations performed on personal data, such as, but not limited to, recording, organization, storage, alteration, and transmission of personal data. Any information allowing us or third parties, in a review or by additional knowledge, to potentially identify you in person, can be considered personal data, and subsequently, you as a person affected by such data processing are considered a data subject in the meaning of Art 4 no 1 GDPR.
The following Data Protection Declaration is intended to provide you with comprehensive information in the sense of Art13GDPR on how we deal with your data and what rights you have. Information may be either collected directly from you by means of input and dispositions or due to accessing one of our offers.
You are not obliged to provide data. Upon accessing our Website automatically processed data is non-personal or only stored for a very short period of time (see in particular clause 2).
Contact and information on the responsible party for data processing operations
|Responsible in the sense of Art 4 Z 7 GDPR:||Contact :|
|Iknaio Cryptoasset Analytics GmbH||E-Mail: firstname.lastname@example.org|
|Obstgartenweg 6||Web: https://www.ikna.io/|
1. Data processing operations
1.1 Processing of access data when visiting our Website
(a) Type and extent of data processing : You can visit our Website without providing any personal information. When you access our Website, only certain access data is processed automatically in so-called server logfiles. In particular, the following data is processed in this context: (i)name of visited website; (ii) browser type/version used; (iii) operating system of the user; (iv) previously visited website (referrer URL); (v) time of the server request; (vi) data volume transferred; (vii) host name of the accessing computer (IP address used). This information does not allow us to identify you personally. However, IP addresses are considered personal data within the meaning of the GDPR.
(b) Legal basis and purpose : The purpose of this data processing operation is to establish and maintain technical security in regards of our Website, to improve the Website’s quality and to generate non-personal statistical information. The processing is based on our legitimate interest (Art6para1litfGDPR) in achieving the mentioned purposes.
(c) Storage period : Currently, no server logfiles are stored. In case server logfiles are stored in the future, we will aim at automatically deleting them after thirty one (31) days, at the latest.
(a) Type and extent of data processing : When contacting us via the contact information provided in the course of this Data Protection Declaration respectively on our Website, we will use your data as indicated in order to process your contact request and deal with it. The data processing involved is necessary to issue a response in respect of your request, as we would otherwise not be able to contact you.
(b) Legal basis and purpose : Purpose of the data processing is to enable us an exchange with users of the Website. We answer your request based on our legitimate interest (Art6para1litfGDPR) in maintaining a properly functioning contact system, which is a prerequisite for the provision of any services. In case of repeated contact requests, we may also store your data for cultivating existing/returning contacts, which you will be informed of in accordance with the requirements of data protection law.
(c) Storage period : We delete your requests as well as your contact data if the request has been answered conclusively. Your data are, in general, stored for a period of six (6) months and subsequently erased if we do not receive follow-up requests and if the data must not be further processed for different purposes.
(a) Type and extent of data processing : You may subscribe to our newsletter via the Website. To do so, you must provide your email address. The newsletter provides you with news about our company and services; it will solely be sent to email addresses having been indicated by interested users themselves. If you no longer wish to receive the newsletter, you can of course unsubscribe at any time by clicking on the button to unsubscribe at the end of each newsletter or by notifying us of your wish via the contact address specified on our Website and on the front page of this Data Protection Declaration. We also use the newsletter for statistical evaluations in connection with your personal data and assess the performance of the newsletter by analysing opening and click behaviour as well as information on the technical deliverability of the newsletter.
For delivery of the newsletter, we use the newsletter service “ Mailchimp “, which is operated by The Rocket Science Group LLC d/b/a Mailchimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA. Hence, your voluntarily provided data will be saved on servers of The Rocket Science Group LLC; in particular, that might entail a processing of your data in the USA. Your data will solely be used to deliver the newsletter you have subscribed to. The Rocket Science Group LLC acts as our processor in this context and is strictly bound to our instructions.
(b) Legal basis and purpose : The data mentioned above are processed in the form of a newsletter for direct marketing and are necessary to send the newsletter and contact you in the correct manner. A newsletter or other electronic advertisements will in no case be sent without your prior consent, which we obtain in accordance with Art6para1litaGDPR via the registration mask on our Website.
Each and every analysis of the newsletter’s performance is conducted for the purpose of evaluating success and reach on the legal basis of our legitimate interest in producing newsletter statistics that are easy to handle and effective in marketing terms in a cost-efficient manner (Art6para1litfGDPR).
(c) Storage period : All data having been collected for the delivery of the newsletter shall be erased within seven (7) days after a potential cancellation of the subscription, as long as no legal retention periods demand otherwise and the data are not lawfully processed for other purposes as well.
2. Storage and tracking technologies
Cookies are small data sets that are stored and managed on your end device by your browser. They help us to make our offer more user-friendly. They are placed by a web server and sent back to it as soon as a new connection is established in order to recognize the user and his settings. In this sense, a cookie is a small local text file that assigns a specific identity consisting of numbers and letters to your end device.
Cookies always contain the following information:
– name of the cookie;
– name of the server the cookie originates from;
– ID number of the cookie;
– an end date at the end of which the cookie is automatically deleted.
Cookies can be differentiated according to type and purpose as follows:
– Necessary/essential cookies : Such cookies are required for the operation of the Website and are essential to navigate the Website and to use its full range of functions (eg to access protected areas of the digital appearance). Without these cookies, Websites cannot function properly on many occasions. Furthermore, – from a legal point of view – all cookies which are absolutely necessary for us for other reasons in order to be able to provide our services, may be categorized essential if the respective services were expressly requested by you. Necessary cookies are always first-party cookies. They can only be deactivated in the settings of your browser by rejecting all cookies without exception (see below) and are also used on our Website legally permissible without obtaining prior consent .
– Functionality cookies : These cookies allow websites to remember information that affects the way a website behaves or looks, like preferences in the language settings or the geographical region from which the website is accessed.
– Performance cookies : These types of cookies allow website operators to understand how visitors interact with their website by collecting and analyzing information about user behavior anonymously. In particular, the following information may be stored: (i) accessed sub-pages (duration and frequency); (ii) order of pages visited; (iii) search terms used having led to the visit of the respective website; (iv) mouse movements (scrolling and clicking); (v) country and region of access. These cookies allow to determine what a user is interested in and thereby adapt the content and functionality of the website to individual user needs.
– Tracking cookies : These cookies allow tracking of visitors when accessing Websites. The intention behind this is to display advertisements that are relevant and appealing to the respective user and therefore have more value for the publisher and the third-party advertiser. This can be achieved by analyzing user behavior and display of personalized advertising based on the interests determined. Among other things, they collect information about previously visited websites. If you consent to the placement of these cookies, tracking cookies may be placed on your device as specified in the cookie consent tool and our cookie description.
With regard to the storage period cookies can be further differentiated as follows:
– Session cookies : Such cookies will be deleted without any action on your part as soon as you close your current browser session. Such cookies, for example, allow you to remain logged in to your password-protected customer account during navigation on websites by assigning you a specific session ID.
– Persistent cookies : Such cookies (eg to save your language settings) remain stored on your end device until a previously defined expiration date or until you have them manually removed. Among other things, they enable cross-session user tracking.
Furthermore, cookies may be differentiated by their subject of attribution :
– First-party cookies : Such cookies are used by ourselves and placed directly from our Website. Browsers generally do not make them accessible across domains which is why the user can only be recognized by the page from which the cookie originates.
– Third-party cookies : Such cookies are not placed by the website operator itself, but by third parties when visiting a specific Website, in particular, for advertising purposes (eg to track surfing behavior). They allow, for example, to evaluate different page views as well as their frequency.
Most browsers automatically accept cookies. However, you have the option to customize your browser settings so that cookies are either generally declined or only allowed in certain ways (eg, limiting refusal to third party cookies). However, if you change your browser’s cookie settings, our Website may no longer be fully usable. Via your browser you furthermore have the possibility to delete all cookies saved on your end device, which is equal to a withdrawal of your consent.
2.2 Local/session storage
If you have given us your explicit prior consent according to Art6para1litaGDPR after accessing our Website, we use storage capacity of your browser software in order to enhance the usability of our Website, its user-friendliness and our service in general (for example to save your language settings). Therefore, we use the so-called local/session storage to store certain data on your end device, whereby your browser software maintains a separate local/session storage for each domain. Besides yourself, only we are able to access the data we are processing in this context. Under no circumstances, third parties/websites will be able to access any of such data; however, such data may be saved on our account by our partners (third party providers) on your end device. In contrast to “cookies”, this method is safer and faster because data are not transferred automatically to the respective server with every HTTP request, but stored by your browser software. Additionally, a greater volume of data (at least 5 megabytes) can be stored compared to cookies (a maximum of 4096 bytes).
Since functionalities are similar to cookies, please consider the information under clause 2.1. Further, please be aware that local storage data has no expiry date and will remain on your end device even after you have closed your browser session (similar to persistent cookies). Data in the session storage however only remains stored for the duration of the respective browser session (similar to session cookies).
2.3 Tracking pixel
We also use so-called tracking pixels (also: pixel tags or web beacons) to collect certain data via our Website. Tracking pixels are transparent images which are practically invisible as they consist of a single pixel. The tracking pixel is placed on a server and loaded therefrom as soon as a respective subpage of our Website is accessed. On our Website, tracking pixels are solely used by third parties contracted by us to provide certain services. They allow us to track that a subpage is accessed as well as any subsequent user activity on this page. By means of the tracking pixel, in particular, the following information can be collected: (i) operating system used; (ii) browser type/version used; (iii) time of access; (iv) user behaviour on the visited page; (v) IP address and approximate location of the user.
Tracking pixels are used on our Website on the basis of our legitimate interest (Art6Abs1litfGDPR) in analysing user accesses in a state of the art manner. As a tracking pixel is merely an image loaded from a server, its lifetime is limited to your current browser session. However, information collected via a tracking pixel may be subsequently stored in cookies (seeclause3.1).
3. Third-party services
3.1 Google Analytics
In the context of the application of Google Analytics, your IP address as well as other client data, namely information about your use of our Website, for example, browser type/version, operating system, the previously visited website or the time of the server request, are transferred to and stored on Google servers. Based on our instructions, Google Ireland will use the information collected to analyse the use of our Website, draft reports on website activities and provide us with further services connected to the use of our Website and the Internet. The data concerning the use of our Website are deleted automatically after the retention period of fourteen (14) months, which we provided for, has expired.
The IP address transferred by your browser in the context of Google Analytics is not merged with other Google data. In order to protect you as comprehensively as possible, we utilise IP anonymization by extending the code of our Website by “anonymizeIP”. This ensures masking of your IP address, wherefore all data concerned are collected anonymously. Only in exceptional cases will the full IP address be transferred to a Google server and shortened there.
Google Ireland intends to process data of users of the European Economic Area, where possible, in data centres situated in Europe; however, an outsourcing of processing activities to group companies may take place, wherefore a processing of your data in the USA by Google Ireland’s parent company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“ Google LLC “) is possible. Any potential transfer or your data by Google Ireland to such sub-processors in third countries is based on the standard data protection clauses of the European Commission in the meaning of Art 46 sub-para 2 lit c GDPR. An overview of Google Ireland’s respectively Google LLC’s data centres can be viewed at: https://www.google.com/about/datacenters/inside/locations/?hl=en .
With the procedure described under point 2.1 you can prevent the storage of cookies by a corresponding setting of your browser software (possibly limited to third party cookies). You can also prevent Google Ireland from collecting data generated by cookies and relating to your use of the Website (including your IP address) and from processing this data by downloading an appropriate browser plug-in (available for Microsoft Internet Explorer 11, Google Chrome, Mozilla Firefox, Apple Safari and Opera) and installing it ( https://tools.google.com/dlpage/gaoptout?hl=en ).
For further information on data usage by Google Ireland and affiliated companies as well as your options in terms of settings and objection, please review the data protection declaration of Google at https://policies.google.com/privacy?hl=en .
3.2 Links to third-party sites
On our Website we use links to the websites of third parties. These are, in particular, reference links leading to our permanent partners as well as links to our presences in social networks (eg Facebook). If you click on one of these links, you will be forwarded directly to the respective page. For the website operators it is only evident that you have accessed our Website. Accordingly, we refer you, in general, to the separate privacy policies of these websites. For further information on our processing of your data in connection with our social media presences, please review point4.
4. Social media presences
For the purpose of promoting our business activity and our service offer, we maintain presences in various social networks. The processing of your data in this context is based on our legitimate interest (Art6para1litfGDPR) in expanding our reach as well as providing additional information and means of communication to users of social networks. In order to reach said purposes at the best possible rate, we may utilise functions provided by the respective service provider to measure our reach in detail (access statistics, identification of returning users, etc).
In the course of accessing any of the online presences outlined subsequently, we process the general information being evident due to your profile in the respective network as well as additional continuance, contact or content data, as far as you provide us with such data by interacting with our online presence and its contents. We do not store those data separately outside of the respective social network.
Since we jointly decide with the relevant service provider (respectively entity expressly outlined as controller) upon purposes and means of data processing in the course of a respective online presence, we are to be considered joint controllers in the sense of Art26GDPR. The provider of each social network mentioned shall act as the primary point of contact with regard to all general and technical questions in respect of our online presences; this also applies to fulfilling rights of the data subjects in the sense of point 5. However, in case of requests concerning the specific operation of our online presences, your interactions with them or information published/collected via such channels, we shall be the primary point of contact; point 5 as well as other stipulations in this Data Protection Declaration apply correspondingly.
The social network “ Twitter “ is operated by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland (“ Twitter International “). Controller from a data protection point of view with regard to the European Union is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 (“ Twitter International “). In respect of the operation of our Twitter account “IKNAIO” (https://twitter.com/IknaioG), we are joint controllers in the sense of Art26GDPR with Twitter International.
Please note that we have no influence on the programming and design of the social network; thus, we can only use the options provided by Twitter in order to personalise and maintain our Twitter account. Hence, please carefully review the terms which the service provider prescribes for the use of the social network ( https://twitter.com/de/tos ) as well as the separate data protection declaration ( https://twitter.com/de/privacy ) and consider the settings options in your Twitter account. In regards to any information provided by us via mechanisms made available by Twitter (Tweets, etc), we are naturally fully responsible.
Eventually, your data may be processed in the United States. Any potential transfer of your data by Twitter International to related companies, in particular to Twitter Inc, 1355 Market Street Suite, 900 San Francisco, California, 94103 United States, is based on the standard data protection clauses by the European Commission in the meaning of Art 46 sub-para 2 lit c GDPR.
The communication network “ Discord “ is operated by Discord Inc, 444 De Haro Street, Suite 200, San Francisco, California, 94107 United States (“ Discord International “). VeraSafe Ireland Ltd, Unit 3D North Point House, North Point Business Park, New Mallow Road, Cork T23AT2P Ireland is its representative in relation to data protection in the EEA in accordance with Art 27 GDPR. In respect of the operation of our Discord channel “IKNAIO” (iknaio#2908), we are joint controllers in the sense of Art26GDPR with Discord International.
Please note that we have no influence on the programming and design of the social network; thus, we can only use the options provided by Twitter in order to personalise and maintain our Discord channel. Hence, please carefully review the terms which the service provider prescribes for the use of the social network ( https://discord.com/terms ) as well as the separate data protection declaration ( https://discord.com/privacy ) and consider the settings options in your Discord account. In regards to any information provided by us via mechanisms made available by Discord (postings, etc), we are naturally fully responsible.
Any processing of your data by Discord International in the United States is based on the standard data protection clauses by the European Commission in the meaning of Art 46 sub-para 2 lit c GDPR.
The social network “ LinkedIn “ is operated by LinkedIn Corporation, 1000 W. Maude Ave, Sunnyvale, California 94085, United States (“ LinkedIn International “). For the EEA region, LinkedIn is operated and data processing is controlled by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“ LinkedIn Ireland “). In respect of the operation of our LinkedIn account, we are joint controllers in the sense of Art26GDPR with LinkedIn Ireland.
Please note that we have no influence on the programming and design of the social network; thus, we can only use the options provided by LinkedIn in order to personalise and maintain our LinkedIn account. Hence, please carefully review the terms which the service provider prescribes for the use of the social network ( https://www.linkedin.com/legal/user-agreement?_l=en_EN ) as well as the separate data protection declaration ( https://www.linkedin.com/legal/privacy-policy ) and consider the settings options in your LinkedIn account. In regards to any information provided by us via mechanisms made available by LinkedIn (postings, chats, etc), we are naturally fully responsible.
Any processing of your data by LinkedIn International in the United States is based on the standard data protection clauses by the European Commission in the meaning of Art 46 sub-para 2 lit c GDPR.
The instant messaging service “ Telegram “ is controlled by Telegram Messenger Inc. from a data protection point of view. Representative in the sense of Art27GDPR for the EEA region is Telegram UK Holdings Ltd, 71-75 Shelton Street, Covent Garden, London, England, WC2H 9JQ. In respect of the operation of our Telegram channel, we are joint controllers in the sense of Art26GDPR with Telegram Messenger Inc.
Please note that we have no influence on the programming and design of Telegram; thus, we can only use the options provided by Telegram in order to personalise and maintain our Telegram channel. Hence, please carefully review the separate data protection declaration ( https://telegram.org/privacy?setln=en ) and consider the settings options in your Telegram account. In regards to content provided by us, we are naturally fully responsible.
Within your Telegram account, you can use the function “@GDPRbot” in order to (i) request a copy of all of your personal data stored by Telegram and/or (ii) pose questions to the provider.
5. Data transfer and recipients
For the purposes explained in this Data Protection Declaration, we will transfer your (personal) data to the following recipients or make them available to them:
Within our organisation , your data will be provided to those entities or employees who need them to fulfil their contractual or legal obligations and for data processing that is based on our legitimate interests.
Furthermore, (external) processors deployed by us receive your data if they need such data to provide their respective services (whereby the mere possibility to access personal data is sufficient). All processors are contractually obliged to keep your data confidential and to process it only within the scope of service provision. This includes the following categories of recipients:
(i) The Rocket Science Group LLC d/b/a Mailchimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA (“Mailchimp”), as indicated in clause 1.3(a).
Lastly, we may transfer your data to independent controllers , as far as this is necessary in the course of our business activity in order to provide our services or if we are under legal obligation to do so. Also, a transfer of your data to authorities/courts in the course of their statutory competence might take place.
6. Rights of the data subject
A central aspect of data protection regulations is the implementation of adequate options allowing you to dispose of your own personal data, even after processing of said personal data has already commenced. For this purpose, a series of rights of the data subject are set in place. We shall comply with your corresponding requests to exercise your rights as described below without undue delay and in any event within one (1) month of receipt of the request. Please direct your request to the contact provided on the front page:
(i) access to and further information on your personal data processed by us (right of access; Art15 GDPR).
(ii) correction incompletely or incorrectly recorded data (right to rectification, Art 16 GDPR).
(iii) deletion of data, which (i) is not required for the purposes recorded, (ii) is illegally processed or (iii) needs to be deleted due to a legal obligation or revocation of consent (right to erasure, Art 17 GDPR).
(iv) Temporary limitation of processing under specific conditions (right to restriction of processing, Art 18 GDPR).
(v) right to withdraw your consent in relation to processing of your data at any time; Please consider that processing activities which were based on valid consent before withdrawal do not become illicit retroactively and a withdrawal of consent solely effects future processing activities, Art 7 para 3 GDPR).
(vi) right to object to data processing at any time on grounds relating to your particular situation; this applies to all cases of data processing based on our legitimate interests (Art6para1litfGDPR) (balance of interests, Art 21 para 1 GDPR).
(vii) right to obtain your data, which is processed by us for the fulfillment of contractual obligations, in order to pre-contractual measures on your request or on the basis of your consent in a structured, common and machine-readable format or upon request directly communicated to another controller (right to data portability, Art 20 GDPR).
(viii) right to lodge a complaint with the relevant national supervisory authority in relation to the processing of your data; please consider the requirements for such complaint in Austria are based on Section 24DSG and shall be submitted to the Austrian Data Protection Authority, Barichgasse 40–42, 1030 Vienna, Austria, email@example.com (e-mail), +43 1 52 152-0 (phone).