Data privacy
Content
Data Protection Notice
360X AG (“we”, “us”, “our”) processes personal data only as provided by law, in particular the EU General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the German Data Protection Act (Bundesdatenschutzgesetz, “BDSG”). This data protection notice (the “Notice”) provides information about the processing of personal data relating to you when using our website and its functions at https://www.360x.com, including any subdomain ending with “.360x.com” (our “Website”).
Personal data refers to any information relating to an identified or identifiable natural person (“Data Subjects”), such as our Website visitors, and may include their name, contact details or technical identifiers.
Table of Contents:
1. Who We Are
-
-
1.1 Our Identity as Data Controller
-
-
2. How We Process Personal Data When You Visit This Website
-
2.1 Personal Data Processing By Our Web Servers
-
2.2 Personal Data Processing By Wix.com Ltd.
-
2.2 Use of Amazon Web Services As Our Hosting Services Provider and Content Delivery Network
-
2.3 Use of Matomo to Get Insights Into How Visitors Use Our Website
-
2.4 Use of Rapidmail As Our Emailing Services Provider
-
-
3. How We Process Personal Data When You Contact Us
-
3.1 Personal Data Processing Related to Email Correspondence
-
3.2 Personal Data Processing Related to the Use of Our Contact Form
-
-
4. How We Process Personal Data When You Send Us Your Application For a Job Offer
-
4.1 Use of Personio for Job Offer and Application Management
-
4.2 Do You Have to Provide Your Personal Data to Us?
-
4.3 Legal Basis For Processing Your Personal Data Throughout the Application Procedure
-
4.4 Period For Which We Will Store Your Personal Data From the Application Procedure
-
-
5. Use of Cookies on Our Website
-
6. Your Rights as a Data Subject
-
7. We Refrain from Automated Individual Decision-making
-
8. General Technical and Organizational Measures
-
9. Changes to this Data Protection Notice
1 Who We Are and How You Can Reach Our Data Protection Officer
1.1 Our Identity as Data Controller
We process personal data relating to you as data controller. You can contact us in a number of ways:
360X AG
Neue Rothofstraße 13-19
60313 Frankfurt am Main
Deutschland
E-Mail: privacy@360x.com
2 How We Process Personal Data When You Visit This Website
2.1 Personal Data Processing By Our Web Servers
When you visit our Website without providing any other personal data that is technically necessary for establishing a connection to our web servers and for displaying our Website, your browser will automatically send certain information to our web servers. The following categories of personal data are collected automatically:
-
Public IP address of the requesting entity or of your end user device;
-
Date and time of the request, time zone included;
-
Requested URL, including query parameters and request headers;
-
Access status/HTTP status code;
-
Amount of data transferred in each case;
-
Website from which the request originates (so-called referrer URL);
-
HTTP headers (including your browser type, version and language; your operating system and interface; name of your Internet Service Provider).
The legal basis we rely on to process your personal data is Art. 6(1), sentence 1, lit. f GDPR, which allows us to process personal data when it is necessary for our legitimate interests. In particular, we process the above-mentioned categories of personal data for ensuring the continuity of our business by letting you access our Website without disruptions and maintain the integrity of our IT systems (e.g., for preventing server overload through distributed denial-of-service (DDoS) attacks). Such personal data will be temporarily stored in server log files for as long as necessary to maintain and improve the security and stability of our IT systems over a period of 90 days.
2.2 Personal Data Processing By Wix.com Ltd.
We are using hosting services provided by Wix.com Ltd., 40 Namal Tel Aviv St, Tel Aviv, Israel (“Wix”) for the hosting of our pre-registration form and the related website (landing page). You can find general information on the processing of personal data by Wix at https://www.wix.com/about/privacy. We have signed a data processing agreement with Wix, which is acting as our data processor and processes personal data of users on our behalf and instructions at data centres that are located in the United States of America, Ireland, Japan and Israel. In the course of the provision of its hosting services, Wix may also process personal data in other countries, including the Republic of Korea and Taiwan, if necessary.
With regard to personal data transfers by Wix to countries outside of the European Union or the European Economic Area, which do not provide for an adequate level of protection for the personal data of EU individuals, including the United States of America or Taiwan, we have entered into Standard Contractual Clauses (Module 2: Transfer controller to processor) as appropriate safeguards with Wix. We can provide you with a copy of the Standard Contractual Clauses upon your request to info@360x.com.
With regard to personal data transfers by Wix to Japan, the Republic of Korea and Israel, the European Commission has recognized these countries in so-called “adequacy decisions” as providing an adequate level of data protection. Personal data transfers to these countries will be conducted under the applicable adequacy decisions. You can find a current list of countries providing an adequate level of data protection as well as links to the relevant “adequacy decisions” at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.
Additionally, AWS has provided specific warranties with regard to the protection of personal data and the laws and practices of governmental authorities in its “Supplementary Addendum to the AWS GDPR DPA”, which is available at https://d1.awsstatic.com/Supplementary_Addendum_to_the_AWS_GDPR_DPA.pdf. AWS has adopted a number of supplementary measures, which are summarized at https://aws.amazon.com/compliance/gdpr-center/#Can_I_continue_to_use_AWS_services_following_the_Schrems_II_ruling.3F_.”
2.3 Use of Amazon Web Services As Our Hosting Services Provider and Content Delivery Network
We are using hosting services provided by Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, United States of America (“AWS”). You can find AWS’ privacy policy at https://aws.amazon.com/privacy/?nc1=h_ls. We have signed a Data Processing Addendum with AWS, which is acting as data processor and processes personal data of Website visitors on our behalf and instructions on servers that are located in Frankfurt, Germany.
With regard to personal data transfers by AWS to a country outside of the European Union or the European Economic Area, including the United States of America, we have entered into Standard Contractual Clauses (Module 2: Transfer controller to processor) as appropriate safeguards with AWS. You can find a copy of the Standard Contractual Clauses at https://d1.awsstatic.com/Controller_to_Processor_SCCs.pdf. Additionally, AWS has provided specific warranties with regard to the protection of personal data and the laws and practices of governmental authorities in its “Supplementary Addendum to the AWS GDPR DPA”, which is available at https://d1.awsstatic.com/Supplementary_Addendum_to_the_AWS_GDPR_DPA.pdf. AWS has adopted a number of supplementary measures, which are summarized at https://aws.amazon.com/compliance/gdpr-center/#Can_I_continue_to_use_AWS_services_following_the_Schrems_II_ruling.3F_.
Furthermore, we use AWS CloudFront (“CloudFront”) to properly deliver content provided on our Website. CloudFront is a service of AWS which acts as a content delivery network (CDN) for our Website and helps us to provide content from our Website in a faster and more reliable way by using a network of distributed servers. This allows CloudFront to analyze traffic between your browser and our Website and filter potentially harmful Internet traffic. The legal basis we rely on to process your personal data in this regard is Art. 6(1), sentence 1, lit. f GDPR for the purposes stated under section 2.1 above. CloudFront also offers a variety of technical and organizational measures, including encryption both in transit and at rest as well as restricted access to content, as described at https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/data-protection-summary.html.
2.4 Use of Rapidmail As Our Emailing Services Provider
We are using emailing services (including newsletter services and related analytics) and hosting services provided by rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany (“Rapidmail”). You can find information on the processing of personal data by Rapidmail at https://www.rapidmail.com/data-security. We have signed a data processing agreement with Rapidmail, which is acting as data processor and processes personal data of pre-registered users on our behalf and instructions.
Rapidmail relies on datacenters that are certified according to ISO-27001 using servers that are located in Germany. We do neither transfer personal data to a country outside of the European Union or the European Economic Area, nor do we instruct Rapidmail to engage in such transfers.
Personal Data sent through our pre-registration form is transmitted and stored using TLS encryption to Rapidmail’s servers. Such data can only be accessed with a decryption key.
3 How We Process Personal Data When You Contact Us
3.1 Personal Data Processing Related to Email Correspondence
When you contact us by email, we will collect, use and store personal data you provide (such as your investment type and activities, your name, your email address, your contact details and further information provided by you) to process and answer your enquiry adequately.
We will erase such data when storage is no longer necessary according to the circumstances (e.g., when we have provided a final response to your enquiry). Alternatively, we will restrict the processing if there are any applicable legal retention obligations, in particular where federal German laws require us to store our electronic correspondence containing commercial letters and other business and/or tax-related documents for a period of up to six or ten years (see, Sec. 147 of the German Tax Code, Sec. 257 of the German Commercial Code).
The legal basis for such processing is Art. 6(1), sentence 1, lit. f GDPR, unless your enquiry is intended to take steps prior to entering into, to perform or to terminate a contract with us. In this case, the legal basis follows from Art. 6(1), sentence 1, lit. b GDPR.
3.2 Personal Data Processing Related to the Use of Our Contact Form
We are using services (including newsletter services and related analytics) and hosting services provided by rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany (“Rapidmail”) for our contact form. You can find information on the processing of personal data by Rapidmail at https://www.rapidmail.com/data-security. We have signed a data processing agreement with Rapidmail, which is acting as data processor and processes personal data of pre-registered users on our behalf and instructions.
Rapidmail relies on datacenters that are certified according to ISO-27001 using servers that are located in Germany. We do neither transfer personal data to a country outside of the European Union or the European Economic Area, nor do we instruct Rapidmail to engage in such transfers.
Please note that you are not required to use the contact form provided on our Website. You are also welcome to contact us by any other means.
Depending on the information you submitted through our contact form, we may also share personal data that you provided by this means with our partners and domain experts, tectrex AG, headquartered in c/o WeWork, Taunusanlage 8, 60329 Frankfurt am Main, 360X Art AG, headquartered in Neue Rothofstraße 13-19, 60313 Frankfurt am Main and 360X and 360X Music AG, headquartered in Revaler Straße 99, Halle 20, House of Music, 10245 Berlin, to provide you with targeted advice on the management of digital stakes of alternative asset classes (such as art and real estate). The legal basis for such processing is Art. 6(1), sentence 1, lit. f GDPR, unless your enquiry is intended to take steps prior to entering into, to perform or to terminate a contract with us. In this case, the legal basis follows from Art. 6(1), sentence 1, lit. b GDPR. You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you based on Art. 6(1), sentence 1, lit. f GDPR (Art. 21(1) GDPR), including to sharing your personal data with our aforementioned partners.
Data retention and erasure takes place according to the criteria we explain under section 3.1 above.
4 How We Process Personal Data When You Send Us Your Application For a Job Offer
4.1 Use of Personio for Job Offer and Application Management
We use the personnel administration and applicant management software of Personio GmbH, Rundfunkplatz 4, 80335 München, Germany (“Personio”). If you send us your application through Personio’s application form, personal data included therein will be transmitted and stored using TLS encryption to Personio’s servers located in Frankfurt, Germany. Such data can only be accessed with a decryption key. We have signed a Data Processing Agreement with Personio, which is acting as data processor and processes personal data of applicants on our behalf and instructions. Personio provides more information on its efforts to comply with the GDPR and its technical and organizational measures at https://www.personio.com/data-security/. For the processing of personal data on Personio’s website, please refer to their data privacy policy available at https://www.personio.com/privacy-policy/.
4.2 Do You Have to Provide Your Personal Data to Us?
To apply for a job with us, you need to provide us with the data required for assessing and perhaps selecting you. The information required in each case can be found in the job description or will be stated specifically in the application form. This includes personal data such as your name, address, a means of contact, and proof of the qualifications required for a position with us. Upon request, we will be happy to provide you with the information required for a specific position.
You are not required to use Personio’s application form and can send us your application by letter instead, for example. Please note, however, that despite the widespread use of transport encryption, we cannot guarantee the security of the transmission of any email that you send to us for applying. Therefore, sending unencrypted emails to us is at your own risk.
4.3 Legal Basis For Processing Your Personal Data Throughout the Application Procedure
The legal basis for processing your personal data throughout the application procedure follows from Art. 6(1), sentence 1, lit. b GDPR in conjunction with Sec. 26(1), sentence 1 BDSG.
Where we collect special categories of personal data within the meaning of Art. 9(1) GDPR (e.g. health data, such as the existence of a severe disability, or ethnic origin) from applicants during the application process, to allow us or the applicant to exercise the specific rights in the field of employment and social security and social protection law, such data will be processed in accordance with Art. 9(2) lit. b GDPR in conjunction with Sec. 26(3), sentence 1 BDSG. Where necessary for the protection of vital interests of applicants or other persons, Art. 9(2) lit. c GDPR serves as legal basis. For the purposes of preventive or occupational medicine, for the assessment of the working capacity of the applicant, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services, we rely on Art. 9(2) lit. h GDPR in conjunction with applicable provisions from European Union or German law. If we ask for your voluntary and express consent in this respect, we process special categories of personal data on the basis of Art. 9(2) lit. a GDPR in conjunction with Sec. 26(3), sentence 2 BDSG.
4.4 Period For Which We Will Store Your Personal Data From the Application Procedure
If your application is successful, your applicant data will be further processed by us to establish, perform and terminate the employment relationship. Otherwise, if the application for a job offer is not successful, the data of the applicants will be deleted. We will also erase personal data from applicants if they withdraw their application, which they are entitled to do at any time. We will erase personal data from the application procedure no later than six months after this procedure has been completed. Such storage is necessary to allow us to answer any follow-up questions about the application procedure and enable us to provide evidence under the requirements for the the equal treatment of applicants arising from the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz) and applicable time limits. Invoices for any reimbursement of travel expenses will be retained in accordance with tax law requirements (see, section 3.1 above).
5 Use of Cookies on Our Website
Cookies are small text files that are stored by your web browser when you visit a website and may contain certain information such as your IP address, information about the content you view or your preferences and settings. Cookies also help us provide you with customized content, speed navigation through our Website, and allow us to learn about your visit and your use of online services.
We use of the following cookies that will be stored on your device and subsequently accessed:
Cookie Name
Purpose, Source Domain and Description
Cookie Type
Legal Basis
Retention Period
-
XSRF-TOKEN
-
Cookie used for security purposes
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
Session
-
-
hs
-
Cookie used for security purposes
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
Session
-
-
svSession
-
Cookie used in connection with the website user login
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
12 months
-
-
SSR-caching
-
Cookie used to indicate the system used to render the website
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
1 minute
-
-
_wixCIDX
-
Cookie used for system monitoring/troubleshooting
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
3 months
-
-
_wix_browser_sess
-
Cookie used for system monitoring/troubleshooting
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
Session
-
-
consent-policy
-
Cookie used for cookie banner parameters
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
12 months
-
-
smSession
-
Cookie used to identify logged in website members
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
Session
-
-
TS*
-
Cookie used for security and anti-fraud purposes
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
Session
-
-
bSession
-
Cookie used for measuring system performance
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
30 minutes
-
-
fedops.logger.X
-
Cookie used for measuring system performance
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
12 months
-
-
wixLanguage
-
Cookie used on multilingual websites to store the user's language settings
-
Functional
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
12 months
-
6 Your Rights as a Data Subject
-
As a Data Subject, you have the right to obtain confirmation as to whether personal data relating to you are being processed by us and, where that is the case, the right to access to the personal data to you and a copy thereof (Art. 15(1) and (3) GDPR).
-
If we process inaccurate personal data, you have the right to rectification (Art. 16 GDPR).
-
In some cases described by law, you may request the erasure of personal data concerning you or the restriction of processing (Art. 17 and 18 GDPR).
-
If processing is based on your consent within the meaning of Art. 6(1), sentence 1, letter a GDPR and/or Art. 9(2), letter a GDPR, you may withdraw your consent at any time (Art. 7(3) GDPR), which would not affect the lawfulness of processing based on consent before its withdrawal.
-
If processing is based on your consent within the meaning of Art. 6(1), sentence 1, letter a GDPR and/or Art. 9(2), letter a GDPR and the data processing is carried out by automated means, you have a right to receive the personal data concerning you in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided (Art. 20 GDPR).
-
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you based on Art. 6(1), sentence 1, letter e or f GDPR (Art. 21(1) GDPR).You may object to the processing of your personal data on the basis of on Art. 6(1), sentence 1, letter f GDPR for direct marketing purposes at any time (Art. 21(2) GDPR), without stating grounds relating to your particular situation. However, we would like to point out that we do not process your personal data for this purpose.
-
Furthermore, you have the right to lodge a complaint with the competent data protection supervisory authority. You can for example contact the supervisory authority in the EU Member State of your habitual residence, place of work or place of the alleged infringement. The data protection supervisory authority responsible for us is the Hessian Commissioner for Data Protection and Freedom of Information, P.O. Box 3163, 65021 Wiesbaden, Germany, Telephone: +49 (0)611 1408-0, https://datenschutz.hessen.de.
If you have any questions or complaints about how we process your personal data, we recommend that you first contact us (see the contact details under section 1.1 above).
7 We Refrain from Automated Individual Decision-making
We do not make any automated decisions based solely on automated processing, including profiling, which produce legal effects concerning the visitors of our Website or similarly significantly affects them.
8 General Technical and Organizational Measures
We have taken appropriate technical and organizational measures to protect the personal data you provide against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. For instance, our employees and all persons acting under our authority are obliged to comply with data protection laws and to process personal data in confidential manner. To protect the personal data of our users, we also use a secure online transfer protocol, the so-called “Transport Layer Security” (TLS) transmission. You can recognize this by a final “s” appended to the URL (“https://”) or a closed lock symbol in your browser. Clicking on the symbol provides you with further information about the TLS certificate used. Symbols and explanations may vary according to the browser you are using. TLS encryption ensures the encrypted and complete transmission of your data.
9 Changes to this Data Protection Notice
New legal requirements, corporate decisions or technical developments may lead to changes to this Notice and require us to adapt this Notice accordingly. You will always find the current version on our Website. Please note that external links to third-party websites or their contact information may change over time. If you find any information that is outdated, please let us know.
DATA PROTECTION NOTICE FOR PRE-REGISTERING WITH 360X
360X AG (“we”, “us”, “our”) processes personal data only as provided by law, in particular the EU General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the German Data Protection Act (Bundesdatenschutzgesetz, “BDSG”). Personal data refers to any information relating to an identified or identifiable natural person (“Data Subjects”), such as our pre-registered users, and may include their name, contact details or technical identifiers.
This data protection notice for pre-registering with 360X (the “Pre-Registration Notice”) provides specific information about the processing of personal data relating to you when pre-registering with us by submitting personal data through our pre-registration form and receiving subsequent communication.
For general information about the processing of personal data when using our website and its functions at https://www.360x.com, including any subdomain ending with “.360x.com”, please refer to https://www.360x.com/data-privacy (our “Website Notice”).
1. General Application of the Website Notice
Unless otherwise stated in this Pre-Registration Notice, the information provided in the Website Notice also applies to this Pre-Registration Notice, in particular regarding the identity and the contact details of the controller, the contact details of the data protection officer, data retention, and the rights of Data Subjects under the GDPR.
2. How We Process Personal Data When You Pre-Register With 360X
2.1 Pre-Registration With 360X and Signing Up For Our Newsletter
For pre-registering with us and signing up for our newsletter about new investment opportunities in digital stakes related to our platforms, it is necessary to complete a double opt-in procedure. After providing your personal data through our pre-registration form, namely
-
Your first and last name;
-
Your email address*;
-
Your user type (professional or retail user)
-
Your nationality and residency;
-
Whether you would like to invest in digital assets and/or list your assets on our platform;
-
Whether you are interested in tokens representing Art, Music and/or Real Estate; and
-
Technical registration data (such as your IP address and the time/date of your registration);
(*) Required field(s)
you will receive an email to confirm your registration, which shall prevent unauthorized users to register with your personal email address. When registering for the newsletter, your IP address and the date and time of registration are temporarily stored by our emailing services provider (see, section 2.4 below). You can unsubscribe from our newsletter at any time by clicking on the unsubscribe link available in the footer of every newsletter.
The legal bases we rely on to process the above-mentioned categories of personal data is Art. 6(1), sentence 1, lit. b GDPR, which allows us to complete your pre-registration with us and take steps at your request prior to entering into an agreement with us, as well as your consent (Art. 6(1), sentence 1, lit. a GDPR) into receiving our newsletter and/or email updates when you will be able to sign up for the platform.
The aforementioned categories of personal data, processed by us for the purposes of sending newsletters and/or email updates when you will be able to sign up for the platform as part of your pre-registration with us, will be stored until you unsubscribe from the newsletter and/or the email updates, and will be deleted from our servers as well as from the servers of our emailing services provider (see, section 2.4 below) when you unsubscribe. Please note that we may retain certain categories of personal data we have received from you for other purposes, such as to perform a contract with you or to observe statutory retention periods (please refer to our Website Notice).
2.2 Personal Data Disclosures To Our Partners Throughout The Pre-Registration Process
Depending on the information you submitted through our pre-registration form, we disclose the personal data that you provided by this means with our partners:
-
If you stated that you are interested in tokens representing Art: With 360X Art AG, Neue Rothofstraße 13-19, 60313 Frankfurt am Main, Germany;
-
If you stated that you are interested in tokens representing Music: With 360X Music AG and Twelvebytwelve GmbH, Revaler Straße 99, Halle 20, House of Music, 10245 Berlin, Germany;
-
If you stated that you are interested in tokens representing Real Estate: With tectrex AG, c/o WeWork, Taunusanlage 8, 60329 Frankfurt am Main, Germany.
All of our above mentioned partners will provide you with targeted advice on the management of digital stakes of alternative asset classes (depending on your choices). The legal bases we rely on to disclose your personal data to our partners is Art. 6(1), sentence 1, lit. b GDPR, which allows us to complete your pre-registration with us and take steps at your request prior to entering into an agreement with us or our partners, as well as our legitimate interests existing in this regard (Art. 6(1), sentence 1, lit. f GDPR). If you do not want your data to be shared with our aforementioned partners, please do not select any option in the field “I am interested in” in our pre-registration form.
2.3 Personal Data Processing By Wix.com Ltd.
We are using hosting services provided by Wix.com Ltd., 40 Namal Tel Aviv St, Tel Aviv, Israel (“Wix”) for the hosting of our pre-registration form and the related website (landing page). You can find general information on the processing of personal data by Wix at https://www.wix.com/about/privacy. We have signed a data processing agreement with Wix, which is acting as our data processor and processes personal data of users on our behalf and instructions at data centers that are located in the United States of America, Ireland, Japan and Israel. In the course of the provision of its hosting services, Wix may also process personal data in other countries, including the Republic of Korea and Taiwan, if necessary.
With regard to personal data transfers by Wix to countries outside of the European Union or the European Economic Area, which do not provide for an adequate level of protection for the personal data of EU individuals, including the United States of America or Taiwan, we have entered into Standard Contractual Clauses (Module 2: Transfer controller to processor) as appropriate safeguards with Wix. We can provide you with a copy of the Standard Contractual Clauses upon your request to info@360x.com.
With regard to personal data transfers by Wix to Japan, the Republic of Korea and Israel, the European Commission has recognized these countries in so called “adequacy decisions” as providing an adequate level of data protection. Personal data transfers to these countries will be conducted under the applicable adequacy decisions. You can find a current list of countries providing an adequate level of data protection as well as links to the relevant “adequacy decisions” at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.
2.4 Use of Rapidmail As Our Emailing Services Provider
We are using emailing services (including newsletter services and related analytics) and hosting services provided by rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany (“Rapidmail”). You can find information on the processing of personal data by Rapidmail at https://www.rapidmail.com/data-security. We have signed a data processing agreement with Rapidmail, which is acting as data processor and processes personal data of pre-registered users on our behalf and instructions.
Rapidmail relies on datacenters that are certified according to ISO-27001 using servers that are located in Germany. We do neither transfer personal data to a country outside of the European Union or the European Economic Area, nor do we instruct Rapidmail to engage in such transfers.
Personal Data sent through our pre-registration form is transmitted and stored using TLS encryption to Rapidmail’s servers. Such data can only be accessed with a decryption key.
3.Use of Cookies on Our Website
Cookies are small text files that are stored by your web browser when you visit a website and may contain certain information such as your IP address, information about the content you view or your preferences and settings. Cookies also help us provide you with customized content, speed navigation through our Website, and allow us to learn about your visit and your use of online services.
We use of the following cookies that will be stored on your device and subsequently accessed:
Cookie Name
Purpose, Source Domain and Description
Cookie Type
Legal Basis
Retention Period
-
XSRF-TOKEN
-
Cookie used for security purposes
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
Session
-
-
hs
-
Cookie used for security purposes
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
Session
-
-
svSession
-
Cookie used in connection with the website user login
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
12 months
-
-
SSR-caching
-
Cookie used to indicate the system used to render the website
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
1 minute
-
-
_wixCIDX
-
Cookie used for system monitoring/troubleshooting
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
3 months
-
-
_wix_browser_sess
-
Cookie used for system monitoring/troubleshooting
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
Session
-
-
consent-policy
-
Cookie used for cookie banner parameters
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
12 months
-
-
smSession
-
Cookie used to identify logged in website members
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
Session
-
-
TS*
-
Cookie used for security and anti-fraud purposes
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
Session
-
-
bSession
-
Cookie used for measuring system performance
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
30 minutes
-
-
fedops.logger.X
-
Cookie used for measuring system performance
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
12 months
-
-
wixLanguage
-
Cookie used on multilingual websites to store the user's language settings
-
Functional
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
12 months
-
4. Changes to this Pre-Registration Notice
New legal requirements, corporate decisions or technical developments may lead to changes to this Pre-Registration Notice and require us to adapt this Pre-Registration Notice accordingly. You will always find the current version on our pre-registration website. Please note that external links to third-party websites or their contact information may change over time. If you find any information that is outdated, please let us know.