Data privacy
Content
Data Protection Notice
360X AG (“we”, “us”, “our”) processes personal data only as provided by law, in particular the EU General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the German Data Protection Act (Bundesdatenschutzgesetz, “BDSG”). This data protection notice (the “Notice”) provides information about the processing of personal data relating to you when using our website and its functions at https://www.360x.com, including any subdomain ending with “.360x.com” (our “Website”).
Personal data refers to any information relating to an identified or identifiable natural person (“Data Subjects”), such as our Website visitors, and may include their name, contact details or technical identifiers.
Table of Contents:
1. Who We Are
-
-
1.1 Our Identity as Data Controller
-
1.2 Name and address of the Data Security Officer
-
-
2. How We Process Personal Data When You Visit This Website
-
2.1 Personal Data Processing By Our Web Servers
-
2.2 Personal Data Processing By Wix.com Ltd.
-
2.2 Use of Amazon Web Services As Our Hosting Services Provider and Content Delivery Network
-
2.3 Use of Matomo to Get Insights Into How Visitors Use Our Website
-
2.4 Use of Rapidmail As Our Emailing Services Provider
-
-
3. How We Process Personal Data When You Contact Us
-
3.1 Personal Data Processing Related to Email Correspondence
-
3.2 Personal Data Processing Related to the Use of Our Contact Form
-
-
4. How We Process Personal Data When You Send Us Your Application For a Job Offer
-
4.1 Use of Personio for Job Offer and Application Management
-
4.2 Do You Have to Provide Your Personal Data to Us?
-
4.3 Legal Basis For Processing Your Personal Data Throughout the Application Procedure
-
4.4 Period For Which We Will Store Your Personal Data From the Application Procedure
-
-
5. Use of Cookies on Our Website
-
6. Your Rights as a Data Subject
-
7. We Refrain from Automated Individual Decision-making
-
8. General Technical and Organizational Measures
-
9. Changes to this Data Protection Notice
1 Who We Are and How You Can Reach Our Data Protection Officer
1.1 Our Identity as Data Controller
We process personal data relating to you as data controller. You can contact us in a number of ways:
360X AG
Neue Rothofstraße 13-19
60313 Frankfurt am Main
Deutschland
E-Mail: privacy@360x.com
1.2 Name and address of the Data Security Officer
The data protection officer is:
Kemal Webersohn of WS Datenschutz GmbH
If you have questions about data protection, you can contact WS Datenschutz GmbH at the
following email address: 360x@ws-datenschutz.de
WS Datenschutz GmbH
Dircksenstraße 51
D-10178 Berlin
https://webersohnundscholtz.de
2 How We Process Personal Data When You Visit This Website
2.1 Personal Data Processing By Our Web Servers
When you visit our Website without providing any other personal data that is technically necessary for establishing a connection to our web servers and for displaying our Website, your browser will automatically send certain information to our web servers. The following categories of personal data are collected automatically:
-
Public IP address of the requesting entity or of your end user device;
-
Date and time of the request, time zone included;
-
Requested URL, including query parameters and request headers;
-
Access status/HTTP status code;
-
Amount of data transferred in each case;
-
Website from which the request originates (so-called referrer URL);
-
HTTP headers (including your browser type, version and language; your operating system and interface; name of your Internet Service Provider).
The legal basis we rely on to process your personal data is Art. 6(1), sentence 1, lit. f GDPR, which allows us to process personal data when it is necessary for our legitimate interests. In particular, we process the above-mentioned categories of personal data for ensuring the continuity of our business by letting you access our Website without disruptions and maintain the integrity of our IT systems (e.g., for preventing server overload through distributed denial-of-service (DDoS) attacks). Such personal data will be temporarily stored in server log files for as long as necessary to maintain and improve the security and stability of our IT systems over a period of 90 days.
2.2 Personal Data Processing By Wix.com Ltd.
We are using hosting services provided by Wix.com Ltd., 40 Namal Tel Aviv St, Tel Aviv, Israel (“Wix”) for the hosting of our pre-registration form and the related website (landing page). You can find general information on the processing of personal data by Wix at https://www.wix.com/about/privacy. We have signed a data processing agreement with Wix, which is acting as our data processor and processes personal data of users on our behalf and instructions at data centres that are located in the United States of America, Ireland, Japan and Israel. In the course of the provision of its hosting services, Wix may also process personal data in other countries, including the Republic of Korea and Taiwan, if necessary.
With regard to personal data transfers by Wix to countries outside of the European Union or the European Economic Area, which do not provide for an adequate level of protection for the personal data of EU individuals, including the United States of America or Taiwan, we have entered into Standard Contractual Clauses (Module 2: Transfer controller to processor) as appropriate safeguards with Wix. We can provide you with a copy of the Standard Contractual Clauses upon your request to info@360x.com.
With regard to personal data transfers by Wix to Japan, the Republic of Korea and Israel, the European Commission has recognized these countries in so-called “adequacy decisions” as providing an adequate level of data protection. Personal data transfers to these countries will be conducted under the applicable adequacy decisions. You can find a current list of countries providing an adequate level of data protection as well as links to the relevant “adequacy decisions” at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.
Additionally, AWS has provided specific warranties with regard to the protection of personal data and the laws and practices of governmental authorities in its “Supplementary Addendum to the AWS GDPR DPA”, which is available at https://d1.awsstatic.com/Supplementary_Addendum_to_the_AWS_GDPR_DPA.pdf. AWS has adopted a number of supplementary measures, which are summarized at https://aws.amazon.com/compliance/gdpr-center/#Can_I_continue_to_use_AWS_services_following_the_Schrems_II_ruling.3F_.”
2.3 Use of Amazon Web Services As Our Hosting Services Provider and Content Delivery Network
We are using hosting services provided by Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, United States of America (“AWS”). You can find AWS’ privacy policy at https://aws.amazon.com/privacy/?nc1=h_ls. We have signed a Data Processing Addendum with AWS, which is acting as data processor and processes personal data of Website visitors on our behalf and instructions on servers that are located in Frankfurt, Germany.
With regard to personal data transfers by AWS to a country outside of the European Union or the European Economic Area, including the United States of America, we have entered into Standard Contractual Clauses (Module 2: Transfer controller to processor) as appropriate safeguards with AWS. You can find a copy of the Standard Contractual Clauses at https://d1.awsstatic.com/Controller_to_Processor_SCCs.pdf. Additionally, AWS has provided specific warranties with regard to the protection of personal data and the laws and practices of governmental authorities in its “Supplementary Addendum to the AWS GDPR DPA”, which is available at https://d1.awsstatic.com/Supplementary_Addendum_to_the_AWS_GDPR_DPA.pdf. AWS has adopted a number of supplementary measures, which are summarized at https://aws.amazon.com/compliance/gdpr-center/#Can_I_continue_to_use_AWS_services_following_the_Schrems_II_ruling.3F_.
Furthermore, we use AWS CloudFront (“CloudFront”) to properly deliver content provided on our Website. CloudFront is a service of AWS which acts as a content delivery network (CDN) for our Website and helps us to provide content from our Website in a faster and more reliable way by using a network of distributed servers. This allows CloudFront to analyze traffic between your browser and our Website and filter potentially harmful Internet traffic. The legal basis we rely on to process your personal data in this regard is Art. 6(1), sentence 1, lit. f GDPR for the purposes stated under section 2.1 above. CloudFront also offers a variety of technical and organizational measures, including encryption both in transit and at rest as well as restricted access to content, as described at https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/data-protection-summary.html.
2.4 Use of Rapidmail As Our Emailing Services Provider
We are using emailing services (including newsletter services and related analytics) and hosting services provided by rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany (“Rapidmail”). You can find information on the processing of personal data by Rapidmail at https://www.rapidmail.com/data-security. We have signed a data processing agreement with Rapidmail, which is acting as data processor and processes personal data of pre-registered users on our behalf and instructions.
Rapidmail relies on datacenters that are certified according to ISO-27001 using servers that are located in Germany. We do neither transfer personal data to a country outside of the European Union or the European Economic Area, nor do we instruct Rapidmail to engage in such transfers.
Personal Data sent through our pre-registration form is transmitted and stored using TLS encryption to Rapidmail’s servers. Such data can only be accessed with a decryption key.
3 How We Process Personal Data When You Contact Us
3.1 Personal Data Processing Related to Email Correspondence
When you contact us by email, we will collect, use and store personal data you provide (such as your investment type and activities, your name, your email address, your contact details and further information provided by you) to process and answer your enquiry adequately.
We will erase such data when storage is no longer necessary according to the circumstances (e.g., when we have provided a final response to your enquiry). Alternatively, we will restrict the processing if there are any applicable legal retention obligations, in particular where federal German laws require us to store our electronic correspondence containing commercial letters and other business and/or tax-related documents for a period of up to six or ten years (see, Sec. 147 of the German Tax Code, Sec. 257 of the German Commercial Code).
The legal basis for such processing is Art. 6(1), sentence 1, lit. f GDPR, unless your enquiry is intended to take steps prior to entering into, to perform or to terminate a contract with us. In this case, the legal basis follows from Art. 6(1), sentence 1, lit. b GDPR.
3.2 Personal Data Processing Related to the Use of Our Contact Form
We are using services (including newsletter services and related analytics) and hosting services provided by rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany (“Rapidmail”) for our contact form. You can find information on the processing of personal data by Rapidmail at https://www.rapidmail.com/data-security. We have signed a data processing agreement with Rapidmail, which is acting as data processor and processes personal data of pre-registered users on our behalf and instructions.
Rapidmail relies on datacenters that are certified according to ISO-27001 using servers that are located in Germany. We do neither transfer personal data to a country outside of the European Union or the European Economic Area, nor do we instruct Rapidmail to engage in such transfers.
Please note that you are not required to use the contact form provided on our Website. You are also welcome to contact us by any other means.
Depending on the information you submitted through our contact form, we may also share personal data that you provided by this means with our partners and domain experts, tectrex AG, headquartered in c/o WeWork, Taunusanlage 8, 60329 Frankfurt am Main, 360X Art AG, headquartered in Neue Rothofstraße 13-19, 60313 Frankfurt am Main and 360X and 360X Music AG, headquartered in Revaler Straße 99, Halle 20, House of Music, 10245 Berlin, to provide you with targeted advice on the management of digital stakes of alternative asset classes (such as art and real estate). The legal basis for such processing is Art. 6(1), sentence 1, lit. f GDPR, unless your enquiry is intended to take steps prior to entering into, to perform or to terminate a contract with us. In this case, the legal basis follows from Art. 6(1), sentence 1, lit. b GDPR. You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you based on Art. 6(1), sentence 1, lit. f GDPR (Art. 21(1) GDPR), including to sharing your personal data with our aforementioned partners.
Data retention and erasure takes place according to the criteria we explain under section 3.1 above.
4 How We Process Personal Data When You Send Us Your Application For a Job Offer
4.1 Use of Personio for Job Offer and Application Management
We use the personnel administration and applicant management software of Personio GmbH, Rundfunkplatz 4, 80335 München, Germany (“Personio”). If you send us your application through Personio’s application form, personal data included therein will be transmitted and stored using TLS encryption to Personio’s servers located in Frankfurt, Germany. Such data can only be accessed with a decryption key. We have signed a Data Processing Agreement with Personio, which is acting as data processor and processes personal data of applicants on our behalf and instructions. Personio provides more information on its efforts to comply with the GDPR and its technical and organizational measures at https://www.personio.com/data-security/. For the processing of personal data on Personio’s website, please refer to their data privacy policy available at https://www.personio.com/privacy-policy/.
4.2 Do You Have to Provide Your Personal Data to Us?
To apply for a job with us, you need to provide us with the data required for assessing and perhaps selecting you. The information required in each case can be found in the job description or will be stated specifically in the application form. This includes personal data such as your name, address, a means of contact, and proof of the qualifications required for a position with us. Upon request, we will be happy to provide you with the information required for a specific position.
You are not required to use Personio’s application form and can send us your application by letter instead, for example. Please note, however, that despite the widespread use of transport encryption, we cannot guarantee the security of the transmission of any email that you send to us for applying. Therefore, sending unencrypted emails to us is at your own risk.
4.3 Legal Basis For Processing Your Personal Data Throughout the Application Procedure
The legal basis for processing your personal data throughout the application procedure follows from Art. 6(1), sentence 1, lit. b GDPR in conjunction with Sec. 26(1), sentence 1 BDSG.
Where we collect special categories of personal data within the meaning of Art. 9(1) GDPR (e.g. health data, such as the existence of a severe disability, or ethnic origin) from applicants during the application process, to allow us or the applicant to exercise the specific rights in the field of employment and social security and social protection law, such data will be processed in accordance with Art. 9(2) lit. b GDPR in conjunction with Sec. 26(3), sentence 1 BDSG. Where necessary for the protection of vital interests of applicants or other persons, Art. 9(2) lit. c GDPR serves as legal basis. For the purposes of preventive or occupational medicine, for the assessment of the working capacity of the applicant, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services, we rely on Art. 9(2) lit. h GDPR in conjunction with applicable provisions from European Union or German law. If we ask for your voluntary and express consent in this respect, we process special categories of personal data on the basis of Art. 9(2) lit. a GDPR in conjunction with Sec. 26(3), sentence 2 BDSG.
4.4 Period For Which We Will Store Your Personal Data From the Application Procedure
If your application is successful, your applicant data will be further processed by us to establish, perform and terminate the employment relationship. Otherwise, if the application for a job offer is not successful, the data of the applicants will be deleted. We will also erase personal data from applicants if they withdraw their application, which they are entitled to do at any time. We will erase personal data from the application procedure no later than six months after this procedure has been completed. Such storage is necessary to allow us to answer any follow-up questions about the application procedure and enable us to provide evidence under the requirements for the the equal treatment of applicants arising from the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz) and applicable time limits. Invoices for any reimbursement of travel expenses will be retained in accordance with tax law requirements (see, section 3.1 above).
5 Use of Cookies on Our Website
Cookies are small text files that are stored by your web browser when you visit a website and may contain certain information such as your IP address, information about the content you view or your preferences and settings. Cookies also help us provide you with customized content, speed navigation through our Website, and allow us to learn about your visit and your use of online services.
We use of the following cookies that will be stored on your device and subsequently accessed:
Cookie Name
Purpose, Source Domain and Description
Cookie Type
Legal Basis
Retention Period
-
XSRF-TOKEN
-
Cookie used for security purposes
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
Session
-
-
hs
-
Cookie used for security purposes
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
Session
-
-
svSession
-
Cookie used in connection with the website user login
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
12 months
-
-
SSR-caching
-
Cookie used to indicate the system used to render the website
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
1 minute
-
-
_wixCIDX
-
Cookie used for system monitoring/troubleshooting
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
3 months
-
-
_wix_browser_sess
-
Cookie used for system monitoring/troubleshooting
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
Session
-
-
consent-policy
-
Cookie used for cookie banner parameters
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
12 months
-
-
smSession
-
Cookie used to identify logged in website members
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
Session
-
-
TS*
-
Cookie used for security and anti-fraud purposes
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
Session
-
-
bSession
-
Cookie used for measuring system performance
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
30 minutes
-
-
fedops.logger.X
-
Cookie used for measuring system performance
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
12 months
-
-
wixLanguage
-
Cookie used on multilingual websites to store the user's language settings
-
Functional
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
12 months
-
6 Your Rights as a Data Subject
-
As a Data Subject, you have the right to obtain confirmation as to whether personal data relating to you are being processed by us and, where that is the case, the right to access to the personal data to you and a copy thereof (Art. 15(1) and (3) GDPR).
-
If we process inaccurate personal data, you have the right to rectification (Art. 16 GDPR).
-
In some cases described by law, you may request the erasure of personal data concerning you or the restriction of processing (Art. 17 and 18 GDPR).
-
If processing is based on your consent within the meaning of Art. 6(1), sentence 1, letter a GDPR and/or Art. 9(2), letter a GDPR, you may withdraw your consent at any time (Art. 7(3) GDPR), which would not affect the lawfulness of processing based on consent before its withdrawal.
-
If processing is based on your consent within the meaning of Art. 6(1), sentence 1, letter a GDPR and/or Art. 9(2), letter a GDPR and the data processing is carried out by automated means, you have a right to receive the personal data concerning you in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided (Art. 20 GDPR).
-
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you based on Art. 6(1), sentence 1, letter e or f GDPR (Art. 21(1) GDPR).You may object to the processing of your personal data on the basis of on Art. 6(1), sentence 1, letter f GDPR for direct marketing purposes at any time (Art. 21(2) GDPR), without stating grounds relating to your particular situation. However, we would like to point out that we do not process your personal data for this purpose.
-
Furthermore, you have the right to lodge a complaint with the competent data protection supervisory authority. You can for example contact the supervisory authority in the EU Member State of your habitual residence, place of work or place of the alleged infringement. The data protection supervisory authority responsible for us is the Hessian Commissioner for Data Protection and Freedom of Information, P.O. Box 3163, 65021 Wiesbaden, Germany, Telephone: +49 (0)611 1408-0, https://datenschutz.hessen.de.
If you have any questions or complaints about how we process your personal data, we recommend that you first contact us (see the contact details under section 1.1 above).
7 We Refrain from Automated Individual Decision-making
We do not make any automated decisions based solely on automated processing, including profiling, which produce legal effects concerning the visitors of our Website or similarly significantly affects them.
8 General Technical and Organizational Measures
We have taken appropriate technical and organizational measures to protect the personal data you provide against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. For instance, our employees and all persons acting under our authority are obliged to comply with data protection laws and to process personal data in confidential manner. To protect the personal data of our users, we also use a secure online transfer protocol, the so-called “Transport Layer Security” (TLS) transmission. You can recognize this by a final “s” appended to the URL (“https://”) or a closed lock symbol in your browser. Clicking on the symbol provides you with further information about the TLS certificate used. Symbols and explanations may vary according to the browser you are using. TLS encryption ensures the encrypted and complete transmission of your data.
9 Changes to this Data Protection Notice
New legal requirements, corporate decisions or technical developments may lead to changes to this Notice and require us to adapt this Notice accordingly. You will always find the current version on our Website. Please note that external links to third-party websites or their contact information may change over time. If you find any information that is outdated, please let us know.
DATA PROTECTION NOTICE FOR PRE-REGISTERING WITH 360X
360X AG (“we”, “us”, “our”) processes personal data only as provided by law, in particular the EU General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the German Data Protection Act (Bundesdatenschutzgesetz, “BDSG”). Personal data refers to any information relating to an identified or identifiable natural person (“Data Subjects”), such as our pre-registered users, and may include their name, contact details or technical identifiers.
This data protection notice for pre-registering with 360X (the “Pre-Registration Notice”) provides specific information about the processing of personal data relating to you when pre-registering with us by submitting personal data through our pre-registration form and receiving subsequent communication.
For general information about the processing of personal data when using our website and its functions at https://www.360x.com, including any subdomain ending with “.360x.com”, please refer to https://www.360x.com/data-privacy (our “Website Notice”).
1. General Application of the Website Notice
Unless otherwise stated in this Pre-Registration Notice, the information provided in the Website Notice also applies to this Pre-Registration Notice, in particular regarding the identity and the contact details of the controller, the contact details of the data protection officer, data retention, and the rights of Data Subjects under the GDPR.
2. How We Process Personal Data When You Pre-Register With 360X
2.1 Pre-Registration With 360X and Signing Up For Our Newsletter
For pre-registering with us and signing up for our newsletter about new investment opportunities in digital stakes related to our platforms, it is necessary to complete a double opt-in procedure. After providing your personal data through our pre-registration form, namely
-
Your first and last name;
-
Your email address*;
-
Your user type (professional or retail user)
-
Your nationality and residency;
-
Whether you would like to invest in digital assets and/or list your assets on our platform;
-
Whether you are interested in tokens representing Art, Music and/or Real Estate; and
-
Technical registration data (such as your IP address and the time/date of your registration);
(*) Required field(s)
you will receive an email to confirm your registration, which shall prevent unauthorized users to register with your personal email address. When registering for the newsletter, your IP address and the date and time of registration are temporarily stored by our emailing services provider (see, section 2.4 below). You can unsubscribe from our newsletter at any time by clicking on the unsubscribe link available in the footer of every newsletter.
The legal bases we rely on to process the above-mentioned categories of personal data is Art. 6(1), sentence 1, lit. b GDPR, which allows us to complete your pre-registration with us and take steps at your request prior to entering into an agreement with us, as well as your consent (Art. 6(1), sentence 1, lit. a GDPR) into receiving our newsletter and/or email updates when you will be able to sign up for the platform.
The aforementioned categories of personal data, processed by us for the purposes of sending newsletters and/or email updates when you will be able to sign up for the platform as part of your pre-registration with us, will be stored until you unsubscribe from the newsletter and/or the email updates, and will be deleted from our servers as well as from the servers of our emailing services provider (see, section 2.4 below) when you unsubscribe. Please note that we may retain certain categories of personal data we have received from you for other purposes, such as to perform a contract with you or to observe statutory retention periods (please refer to our Website Notice).
2.2 Personal Data Disclosures To Our Partners Throughout The Pre-Registration Process
Depending on the information you submitted through our pre-registration form, we disclose the personal data that you provided by this means with our partners:
-
If you stated that you are interested in tokens representing Art: With 360X Art AG, Neue Rothofstraße 13-19, 60313 Frankfurt am Main, Germany;
-
If you stated that you are interested in tokens representing Music: With 360X Music AG and Twelvebytwelve GmbH, Revaler Straße 99, Halle 20, House of Music, 10245 Berlin, Germany;
-
If you stated that you are interested in tokens representing Real Estate: With tectrex AG, c/o WeWork, Taunusanlage 8, 60329 Frankfurt am Main, Germany.
All of our above mentioned partners will provide you with targeted advice on the management of digital stakes of alternative asset classes (depending on your choices). The legal bases we rely on to disclose your personal data to our partners is Art. 6(1), sentence 1, lit. b GDPR, which allows us to complete your pre-registration with us and take steps at your request prior to entering into an agreement with us or our partners, as well as our legitimate interests existing in this regard (Art. 6(1), sentence 1, lit. f GDPR). If you do not want your data to be shared with our aforementioned partners, please do not select any option in the field “I am interested in” in our pre-registration form.
2.3 Personal Data Processing By Wix.com Ltd.
We are using hosting services provided by Wix.com Ltd., 40 Namal Tel Aviv St, Tel Aviv, Israel (“Wix”) for the hosting of our pre-registration form and the related website (landing page). You can find general information on the processing of personal data by Wix at https://www.wix.com/about/privacy. We have signed a data processing agreement with Wix, which is acting as our data processor and processes personal data of users on our behalf and instructions at data centers that are located in the United States of America, Ireland, Japan and Israel. In the course of the provision of its hosting services, Wix may also process personal data in other countries, including the Republic of Korea and Taiwan, if necessary.
With regard to personal data transfers by Wix to countries outside of the European Union or the European Economic Area, which do not provide for an adequate level of protection for the personal data of EU individuals, including the United States of America or Taiwan, we have entered into Standard Contractual Clauses (Module 2: Transfer controller to processor) as appropriate safeguards with Wix. We can provide you with a copy of the Standard Contractual Clauses upon your request to info@360x.com.
With regard to personal data transfers by Wix to Japan, the Republic of Korea and Israel, the European Commission has recognized these countries in so called “adequacy decisions” as providing an adequate level of data protection. Personal data transfers to these countries will be conducted under the applicable adequacy decisions. You can find a current list of countries providing an adequate level of data protection as well as links to the relevant “adequacy decisions” at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.
2.4 Use of Rapidmail As Our Emailing Services Provider
We are using emailing services (including newsletter services and related analytics) and hosting services provided by rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany (“Rapidmail”). You can find information on the processing of personal data by Rapidmail at https://www.rapidmail.com/data-security. We have signed a data processing agreement with Rapidmail, which is acting as data processor and processes personal data of pre-registered users on our behalf and instructions.
Rapidmail relies on datacenters that are certified according to ISO-27001 using servers that are located in Germany. We do neither transfer personal data to a country outside of the European Union or the European Economic Area, nor do we instruct Rapidmail to engage in such transfers.
Personal Data sent through our pre-registration form is transmitted and stored using TLS encryption to Rapidmail’s servers. Such data can only be accessed with a decryption key.
3.Use of Cookies on Our Website
Cookies are small text files that are stored by your web browser when you visit a website and may contain certain information such as your IP address, information about the content you view or your preferences and settings. Cookies also help us provide you with customized content, speed navigation through our Website, and allow us to learn about your visit and your use of online services.
We use of the following cookies that will be stored on your device and subsequently accessed:
Cookie Name
Purpose, Source Domain and Description
Cookie Type
Legal Basis
Retention Period
-
XSRF-TOKEN
-
Cookie used for security purposes
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
Session
-
-
hs
-
Cookie used for security purposes
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
Session
-
-
svSession
-
Cookie used in connection with the website user login
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
12 months
-
-
SSR-caching
-
Cookie used to indicate the system used to render the website
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
1 minute
-
-
_wixCIDX
-
Cookie used for system monitoring/troubleshooting
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
3 months
-
-
_wix_browser_sess
-
Cookie used for system monitoring/troubleshooting
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
Session
-
-
consent-policy
-
Cookie used for cookie banner parameters
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
12 months
-
-
smSession
-
Cookie used to identify logged in website members
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
Session
-
-
TS*
-
Cookie used for security and anti-fraud purposes
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
Session
-
-
bSession
-
Cookie used for measuring system performance
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
30 minutes
-
-
fedops.logger.X
-
Cookie used for measuring system performance
-
Essential
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
12 months
-
-
wixLanguage
-
Cookie used on multilingual websites to store the user's language settings
-
Functional
-
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
-
12 months
-
4. Changes to this Pre-Registration Notice
New legal requirements, corporate decisions or technical developments may lead to changes to this Pre-Registration Notice and require us to adapt this Pre-Registration Notice accordingly. You will always find the current version on our pre-registration website. Please note that external links to third-party websites or their contact information may change over time. If you find any information that is outdated, please let us know.
360X Data Privacy
DATA PROTECTION NOTICE
360X AG (“we”, “us”, “our”) processes personal data only as provided by law, in particular the EU General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the German Data Protection Act (Bundesdatenschutzgesetz, “BDSG”). This data protection notice (the “Notice”) provides information about the processing of personal data relating to you when using our website and its functions at https://www.360x.com, including any subdomain ending with “.360x.com” (our “Website”).
Personal data refers to any information relating to an identified or identifiable natural person (“Data Subjects”), such as our Website visitors, and may include their name, contact details or technical identifiers.
Table of Contents:
1. Who We Are
1.1 Our Identity as Data Controller
1.2 Name and address of the Data Security Officer
2. How We Process Personal Data When You Visit This Website
2.1 Personal Data Processing By Our Web Servers
2.2 Personal Data Processing By Wix.com Ltd.
2.2 Use of Amazon Web Services As Our Hosting Services Provider and Content Delivery Network
2.3 Use of Matomo to Get Insights Into How Visitors Use Our Website
2.4 Use of Rapidmail As Our Emailing Services Provider
3. How We Process Personal Data When You Contact Us
3.1 Personal Data Processing Related to Email Correspondence
3.2 Personal Data Processing Related to the Use of Our Contact Form
4. How We Process Personal Data When You Send Us Your Application For a Job Offer
4.1 Use of Personio for Job Offer and Application Management
4.2 Do You Have to Provide Your Personal Data to Us?
4.3 Legal Basis For Processing Your Personal Data Throughout the Application Procedure
4.4 Period For Which We Will Store Your Personal Data From the Application Procedure
5. Use of Cookies on Our Website
6. Your Rights as a Data Subject
7. We Refrain from Automated Individual Decision-making
8. General Technical and Organizational Measures
9. Changes to this Data Protection Notice
1. Who We Are and How You Can Reach Our Data Protection Officer
1.1 Our Identity as Data Controller
We process personal data relating to you as data controller. You can contact us in a number of ways:
360X AGNeue Rothofstraße 13-1960313 Frankfurt am MainDeutschlandE-Mail: privacy@360x.com
1.2 Name and address of the Data Security Officer
The data protection officer is:
Kemal Webersohn of WS Datenschutz GmbH
If you have questions about data protection, you can contact WS Datenschutz GmbH at the following email address:
WS Datenschutz GmbH
Dircksenstraße 51D-10178 Berlin
https://webersohnundscholtz.de
2. How We Process Personal Data When You Visit This Website
2.1 Personal Data Processing By Our Web Servers
When you visit our Website without providing any other personal data that is technically necessary for establishing a connection to our web servers and for displaying our Website, your browser will automatically send certain information to our web servers. The following categories of personal data are collected automatically:
Public IP address of the requesting entity or of your end user device;
Date and time of the request, time zone included;
Requested URL, including query parameters and request headers;
Access status/HTTP status code;
Amount of data transferred in each case;
Website from which the request originates (so-called referrer URL);
HTTP headers (including your browser type, version and language; your operating system and interface; name of your Internet Service Provider).
The legal basis we rely on to process your personal data is Art. 6(1), sentence 1, lit. f GDPR, which allows us to process personal data when it is necessary for our legitimate interests. In particular, we process the above-mentioned categories of personal data for ensuring the continuity of our business by letting you access our Website without disruptions and maintain the integrity of our IT systems (e.g., for preventing server overload through distributed denial-of-service (DDoS) attacks). Such personal data will be temporarily stored in server log files for as long as necessary to maintain and improve the security and stability of our IT systems over a period of 90 days.
2.2 Personal Data Processing By Wix.com Ltd.
We are using hosting services provided by Wix.com Ltd., 40 Namal Tel Aviv St, Tel Aviv, Israel (“Wix”) for the hosting of our pre-registration form and the related website (landing page). You can find general information on the processing of personal data by Wix at https://www.wix.com/about/privacy. We have signed a data processing agreement with Wix, which is acting as our data processor and processes personal data of users on our behalf and instructions at data centres that are located in the United States of America, Ireland, Japan and Israel. In the course of the provision of its hosting services, Wix may also process personal data in other countries, including the Republic of Korea and Taiwan, if necessary.
With regard to personal data transfers by Wix to countries outside of the European Union or the European Economic Area, which do not provide for an adequate level of protection for the personal data of EU individuals, including the United States of America or Taiwan, we have entered into Standard Contractual Clauses (Module 2: Transfer controller to processor) as appropriate safeguards with Wix. We can provide you with a copy of the Standard Contractual Clauses upon your request to info@360x.com.
With regard to personal data transfers by Wix to Japan, the Republic of Korea and Israel, the European Commission has recognized these countries in so-called “adequacy decisions” as providing an adequate level of data protection. Personal data transfers to these countries will be conducted under the applicable adequacy decisions. You can find a current list of countries providing an adequate level of data protection as well as links to the relevant “adequacy decisions” at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.
Additionally, AWS has provided specific warranties with regard to the protection of personal data and the laws and practices of governmental authorities in its “Supplementary Addendum to the AWS GDPR DPA”, which is available at https://d1.awsstatic.com/Supplementary_Addendum_to_the_AWS_GDPR_DPA.pdf. AWS has adopted a number of supplementary measures, which are summarized at https://aws.amazon.com/compliance/gdpr-center/#Can_I_continue_to_use_AWS_services_following_the_Schrems_II_ruling.3F_.”
2.3 Use of Amazon Web Services As Our Hosting Services Provider and Content Delivery Network
We are using hosting services provided by Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, United States of America (“AWS”). You can find AWS’ privacy policy at https://aws.amazon.com/privacy/?nc1=h_ls. We have signed a Data Processing Addendum with AWS, which is acting as data processor and processes personal data of Website visitors on our behalf and instructions on servers that are located in Frankfurt, Germany.
With regard to personal data transfers by AWS to a country outside of the European Union or the European Economic Area, including the United States of America, we have entered into Standard Contractual Clauses (Module 2: Transfer controller to processor) as appropriate safeguards with AWS. You can find a copy of the Standard Contractual Clauses at https://d1.awsstatic.com/Controller_to_Processor_SCCs.pdf. Additionally, AWS has provided specific warranties with regard to the protection of personal data and the laws and practices of governmental authorities in its “Supplementary Addendum to the AWS GDPR DPA”, which is available at https://d1.awsstatic.com/Supplementary_Addendum_to_the_AWS_GDPR_DPA.pdf. AWS has adopted a number of supplementary measures, which are summarized at https://aws.amazon.com/compliance/gdpr-center/#Can_I_continue_to_use_AWS_services_following_the_Schrems_II_ruling.3F_.
Furthermore, we use AWS CloudFront (“CloudFront”) to properly deliver content provided on our Website. CloudFront is a service of AWS which acts as a content delivery network (CDN) for our Website and helps us to provide content from our Website in a faster and more reliable way by using a network of distributed servers. This allows CloudFront to analyze traffic between your browser and our Website and filter potentially harmful Internet traffic. The legal basis we rely on to process your personal data in this regard is Art. 6(1), sentence 1, lit. f GDPR for the purposes stated under section 2.1 above. CloudFront also offers a variety of technical and organizational measures, including encryption both in transit and at rest as well as restricted access to content, as described at https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/data-protection-summary.html.
2.4 Use of Rapidmail As Our Emailing Services Provider
We are using emailing services (including newsletter services and related analytics) and hosting services provided by rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany (“Rapidmail”). You can find information on the processing of personal data by Rapidmail at https://www.rapidmail.com/data-security. We have signed a data processing agreement with Rapidmail, which is acting as data processor and processes personal data of pre-registered users on our behalf and instructions.
Rapidmail relies on datacenters that are certified according to ISO-27001 using servers that are located in Germany. We do neither transfer personal data to a country outside of the European Union or the European Economic Area, nor do we instruct Rapidmail to engage in such transfers.
Personal Data sent through our pre-registration form is transmitted and stored using TLS encryption to Rapidmail’s servers. Such data can only be accessed with a decryption key.
3. How We Process Personal Data When You Contact Us
3.1 Personal Data Processing Related to Email Correspondence
When you contact us by email, we will collect, use and store personal data you provide (such as your investment type and activities, your name, your email address, your contact details and further information provided by you) to process and answer your enquiry adequately.
We will erase such data when storage is no longer necessary according to the circumstances (e.g., when we have provided a final response to your enquiry). Alternatively, we will restrict the processing if there are any applicable legal retention obligations, in particular where federal German laws require us to store our electronic correspondence containing commercial letters and other business and/or tax-related documents for a period of up to six or ten years (see, Sec. 147 of the German Tax Code, Sec. 257 of the German Commercial Code).
The legal basis for such processing is Art. 6(1), sentence 1, lit. f GDPR, unless your enquiry is intended to take steps prior to entering into, to perform or to terminate a contract with us. In this case, the legal basis follows from Art. 6(1), sentence 1, lit. b GDPR.
3.2 Personal Data Processing Related to the Use of Our Contact Form
We are using services (including newsletter services and related analytics) and hosting services provided by rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany (“Rapidmail”) for our contact form. You can find information on the processing of personal data by Rapidmail at https://www.rapidmail.com/data-security. We have signed a data processing agreement with Rapidmail, which is acting as data processor and processes personal data of pre-registered users on our behalf and instructions.
Rapidmail relies on datacenters that are certified according to ISO-27001 using servers that are located in Germany. We do neither transfer personal data to a country outside of the European Union or the European Economic Area, nor do we instruct Rapidmail to engage in such transfers.
Please note that you are not required to use the contact form provided on our Website. You are also welcome to contact us by any other means.
Depending on the information you submitted through our contact form, we may also share personal data that you provided by this means with our partners and domain experts, tectrex AG, headquartered in c/o WeWork, Taunusanlage 8, 60329 Frankfurt am Main, 360X Art AG, headquartered in Neue Rothofstraße 13-19, 60313 Frankfurt am Main and 360X and 360X Music AG, headquartered in Revaler Straße 99, Halle 20, House of Music, 10245 Berlin, to provide you with targeted advice on the management of digital stakes of alternative asset classes (such as art and real estate). The legal basis for such processing is Art. 6(1), sentence 1, lit. f GDPR, unless your enquiry is intended to take steps prior to entering into, to perform or to terminate a contract with us. In this case, the legal basis follows from Art. 6(1), sentence 1, lit. b GDPR. You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you based on Art. 6(1), sentence 1, lit. f GDPR (Art. 21(1) GDPR), including to sharing your personal data with our aforementioned partners.
Data retention and erasure takes place according to the criteria we explain under section 3.1 above.
4. How We Process Personal Data When You Send Us Your Application For a Job Offer
4.1 Use of Personio for Job Offer and Application Management
We use the personnel administration and applicant management software of Personio GmbH, Rundfunkplatz 4, 80335 München, Germany (“Personio”). If you send us your application through Personio’s application form, personal data included therein will be transmitted and stored using TLS encryption to Personio’s servers located in Frankfurt, Germany. Such data can only be accessed with a decryption key. We have signed a Data Processing Agreement with Personio, which is acting as data processor and processes personal data of applicants on our behalf and instructions. Personio provides more information on its efforts to comply with the GDPR and its technical and organizational measures at https://www.personio.com/data-security/. For the processing of personal data on Personio’s website, please refer to their data privacy policy available at https://www.personio.com/privacy-policy/.
4.2 Do You Have to Provide Your Personal Data to Us?
To apply for a job with us, you need to provide us with the data required for assessing and perhaps selecting you. The information required in each case can be found in the job description or will be stated specifically in the application form. This includes personal data such as your name, address, a means of contact, and proof of the qualifications required for a position with us. Upon request, we will be happy to provide you with the information required for a specific position.
You are not required to use Personio’s application form and can send us your application by letter instead, for example. Please note, however, that despite the widespread use of transport encryption, we cannot guarantee the security of the transmission of any email that you send to us for applying. Therefore, sending unencrypted emails to us is at your own risk.
4.3 Legal Basis For Processing Your Personal Data Throughout the Application Procedure
The legal basis for processing your personal data throughout the application procedure follows from Art. 6(1), sentence 1, lit. b GDPR in conjunction with Sec. 26(1), sentence 1 BDSG.
Where we collect special categories of personal data within the meaning of Art. 9(1) GDPR (e.g. health data, such as the existence of a severe disability, or ethnic origin) from applicants during the application process, to allow us or the applicant to exercise the specific rights in the field of employment and social security and social protection law, such data will be processed in accordance with Art. 9(2) lit. b GDPR in conjunction with Sec. 26(3), sentence 1 BDSG. Where necessary for the protection of vital interests of applicants or other persons, Art. 9(2) lit. c GDPR serves as legal basis. For the purposes of preventive or occupational medicine, for the assessment of the working capacity of the applicant, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services, we rely on Art. 9(2) lit. h GDPR in conjunction with applicable provisions from European Union or German law. If we ask for your voluntary and express consent in this respect, we process special categories of personal data on the basis of Art. 9(2) lit. a GDPR in conjunction with Sec. 26(3), sentence 2 BDSG.
4.4 Period For Which We Will Store Your Personal Data From the Application Procedure
If your application is successful, your applicant data will be further processed by us to establish, perform and terminate the employment relationship. Otherwise, if the application for a job offer is not successful, the data of the applicants will be deleted. We will also erase personal data from applicants if they withdraw their application, which they are entitled to do at any time. We will erase personal data from the application procedure no later than six months after this procedure has been completed. Such storage is necessary to allow us to answer any follow-up questions about the application procedure and enable us to provide evidence under the requirements for the the equal treatment of applicants arising from the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz) and applicable time limits. Invoices for any reimbursement of travel expenses will be retained in accordance with tax law requirements (see, section 3.1 above).
5. Use of Cookies on Our Website
Cookies are small text files that are stored by your web browser when you visit a website and may contain certain information such as your IP address, information about the content you view or your preferences and settings. Cookies also help us provide you with customized content, speed navigation through our Website, and allow us to learn about your visit and your use of online services.
We use of the following cookies that will be stored on your device and subsequently accessed:
Cookie Name
Purpose, Source Domain and Description
Cookie Type
Legal Basis
Retention Period
XSRF-TOKEN
Cookie used for security purposes
Essential
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
Session
hs
Cookie used for security purposes
Essential
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
Session
svSession
Cookie used in connection with the website user login
Essential
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
12 months
SSR-caching
Cookie used to indicate the system used to render the website
Essential
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
1 minute
_wixCIDX
Cookie used for system monitoring/troubleshooting
Essential
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
3 months
_wix_browser_sess
Cookie used for system monitoring/troubleshooting
Essential
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
Session
consent-policy
Cookie used for cookie banner parameters
Essential
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
12 months
smSession
Cookie used to identify logged in website members
Essential
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
Session
TS*
Cookie used for security and anti-fraud purposes
Essential
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
Session
bSession
Cookie used for measuring system performance
Essential
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
30 minutes
fedops.logger.X
Cookie used for measuring system performance
Essential
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
12 months
wixLanguage
Cookie used on multilingual websites to store the user's language settings
Functional
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
12 months
6. Your Rights as a Data Subject
As a Data Subject, you have the right to obtain confirmation as to whether personal data relating to you are being processed by us and, where that is the case, the right to access to the personal data to you and a copy thereof (Art. 15(1) and (3) GDPR).
If we process inaccurate personal data, you have the right to rectification (Art. 16 GDPR).
In some cases described by law, you may request the erasure of personal data concerning you or the restriction of processing (Art. 17 and 18 GDPR).
If processing is based on your consent within the meaning of Art. 6(1), sentence 1, letter a GDPR and/or Art. 9(2), letter a GDPR, you may withdraw your consent at any time (Art. 7(3) GDPR), which would not affect the lawfulness of processing based on consent before its withdrawal.
If processing is based on your consent within the meaning of Art. 6(1), sentence 1, letter a GDPR and/or Art. 9(2), letter a GDPR and the data processing is carried out by automated means, you have a right to receive the personal data concerning you in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided (Art. 20 GDPR).
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you based on Art. 6(1), sentence 1, letter e or f GDPR (Art. 21(1) GDPR).You may object to the processing of your personal data on the basis of on Art. 6(1), sentence 1, letter f GDPR for direct marketing purposes at any time (Art. 21(2) GDPR), without stating grounds relating to your particular situation. However, we would like to point out that we do not process your personal data for this purpose.
Furthermore, you have the right to lodge a complaint with the competent data protection supervisory authority. You can for example contact the supervisory authority in the EU Member State of your habitual residence, place of work or place of the alleged infringement. The data protection supervisory authority responsible for us is the Hessian Commissioner for Data Protection and Freedom of Information, P.O. Box 3163, 65021 Wiesbaden, Germany, Telephone: +49 (0)611 1408-0, https://datenschutz.hessen.de.
If you have any questions or complaints about how we process your personal data, we recommend that you first contact us (see the contact details under section 1.1 above).
7. We Refrain from Automated Individual Decision-making
We do not make any automated decisions based solely on automated processing, including profiling, which produce legal effects concerning the visitors of our Website or similarly significantly affects them.
8. General Technical and Organizational Measures
We have taken appropriate technical and organizational measures to protect the personal data you provide against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. For instance, our employees and all persons acting under our authority are obliged to comply with data protection laws and to process personal data in confidential manner. To protect the personal data of our users, we also use a secure online transfer protocol, the so-called “Transport Layer Security” (TLS) transmission. You can recognize this by a final “s” appended to the URL (“https://”) or a closed lock symbol in your browser. Clicking on the symbol provides you with further information about the TLS certificate used. Symbols and explanations may vary according to the browser you are using. TLS encryption ensures the encrypted and complete transmission of your data.
9. Changes to this Data Protection Notice
New legal requirements, corporate decisions or technical developments may lead to changes to this Notice and require us to adapt this Notice accordingly. You will always find the current version on our Website. Please note that external links to third-party websites or their contact information may change over time. If you find any information that is outdated, please let us know.
DATA PROTECTION NOTICE FOR PRE-REGISTERING WITH 360X
360X AG (“we”, “us”, “our”) processes personal data only as provided by law, in particular the EU General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the German Data Protection Act (Bundesdatenschutzgesetz, “BDSG”). Personal data refers to any information relating to an identified or identifiable natural person (“Data Subjects”), such as our pre-registered users, and may include their name, contact details or technical identifiers.
This data protection notice for pre-registering with 360X (the “Pre-Registration Notice”) provides specific information about the processing of personal data relating to you when pre-registering with us by submitting personal data through our pre-registration form and receiving subsequent communication.
For general information about the processing of personal data when using our website and its functions at https://www.360x.com, including any subdomain ending with “.360x.com”, please refer to https://www.360x.com/data-privacy (our “Website Notice”).
1. General Application of the Website Notice
Unless otherwise stated in this Pre-Registration Notice, the information provided in the Website Notice also applies to this Pre-Registration Notice, in particular regarding the identity and the contact details of the controller, the contact details of the data protection officer, data retention, and the rights of Data Subjects under the GDPR.
2. How We Process Personal Data When You Pre-Register With 360X
2.1 Pre-Registration With 360X and Signing Up For Our Newsletter
For pre-registering with us and signing up for our newsletter about new investment opportunities in digital stakes related to our platforms, it is necessary to complete a double opt-in procedure. After providing your personal data through our pre-registration form, namely
Your first and last name;
Your email address*;
Your user type (professional or retail user)
Your nationality and residency;
Whether you would like to invest in digital assets and/or list your assets on our platform;
Whether you are interested in tokens representing Art, Music and/or Real Estate; and
Technical registration data (such as your IP address and the time/date of your registration);
(*) Required field(s)
you will receive an email to confirm your registration, which shall prevent unauthorized users to register with your personal email address. When registering for the newsletter, your IP address and the date and time of registration are temporarily stored by our emailing services provider (see, section 2.4 below). You can unsubscribe from our newsletter at any time by clicking on the unsubscribe link available in the footer of every newsletter.
The legal bases we rely on to process the above-mentioned categories of personal data is Art. 6(1), sentence 1, lit. b GDPR, which allows us to complete your pre-registration with us and take steps at your request prior to entering into an agreement with us, as well as your consent (Art. 6(1), sentence 1, lit. a GDPR) into receiving our newsletter and/or email updates when you will be able to sign up for the platform.
The aforementioned categories of personal data, processed by us for the purposes of sending newsletters and/or email updates when you will be able to sign up for the platform as part of your pre-registration with us, will be stored until you unsubscribe from the newsletter and/or the email updates, and will be deleted from our servers as well as from the servers of our emailing services provider (see, section 2.4 below) when you unsubscribe. Please note that we may retain certain categories of personal data we have received from you for other purposes, such as to perform a contract with you or to observe statutory retention periods (please refer to our Website Notice).
2.2 Personal Data Disclosures To Our Partners Throughout The Pre-Registration Process
Depending on the information you submitted through our pre-registration form, we disclose the personal data that you provided by this means with our partners:
If you stated that you are interested in tokens representing Art: With 360X Art AG, Neue Rothofstraße 13-19, 60313 Frankfurt am Main, Germany;
If you stated that you are interested in tokens representing Music: With 360X Music AG and Twelvebytwelve GmbH, Revaler Straße 99, Halle 20, House of Music, 10245 Berlin, Germany;
If you stated that you are interested in tokens representing Real Estate: With tectrex AG, c/o WeWork, Taunusanlage 8, 60329 Frankfurt am Main, Germany.
All of our above mentioned partners will provide you with targeted advice on the management of digital stakes of alternative asset classes (depending on your choices). The legal bases we rely on to disclose your personal data to our partners is Art. 6(1), sentence 1, lit. b GDPR, which allows us to complete your pre-registration with us and take steps at your request prior to entering into an agreement with us or our partners, as well as our legitimate interests existing in this regard (Art. 6(1), sentence 1, lit. f GDPR). If you do not want your data to be shared with our aforementioned partners, please do not select any option in the field “I am interested in” in our pre-registration form.
2.3 Personal Data Processing By Wix.com Ltd.
We are using hosting services provided by Wix.com Ltd., 40 Namal Tel Aviv St, Tel Aviv, Israel (“Wix”) for the hosting of our pre-registration form and the related website (landing page). You can find general information on the processing of personal data by Wix at https://www.wix.com/about/privacy. We have signed a data processing agreement with Wix, which is acting as our data processor and processes personal data of users on our behalf and instructions at data centers that are located in the United States of America, Ireland, Japan and Israel. In the course of the provision of its hosting services, Wix may also process personal data in other countries, including the Republic of Korea and Taiwan, if necessary.
With regard to personal data transfers by Wix to countries outside of the European Union or the European Economic Area, which do not provide for an adequate level of protection for the personal data of EU individuals, including the United States of America or Taiwan, we have entered into Standard Contractual Clauses (Module 2: Transfer controller to processor) as appropriate safeguards with Wix. We can provide you with a copy of the Standard Contractual Clauses upon your request to info@360x.com.
With regard to personal data transfers by Wix to Japan, the Republic of Korea and Israel, the European Commission has recognized these countries in so called “adequacy decisions” as providing an adequate level of data protection. Personal data transfers to these countries will be conducted under the applicable adequacy decisions. You can find a current list of countries providing an adequate level of data protection as well as links to the relevant “adequacy decisions” at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.
2.4 Use of Rapidmail As Our Emailing Services Provider
We are using emailing services (including newsletter services and related analytics) and hosting services provided by rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany (“Rapidmail”). You can find information on the processing of personal data by Rapidmail at https://www.rapidmail.com/data-security. We have signed a data processing agreement with Rapidmail, which is acting as data processor and processes personal data of pre-registered users on our behalf and instructions.
Rapidmail relies on datacenters that are certified according to ISO-27001 using servers that are located in Germany. We do neither transfer personal data to a country outside of the European Union or the European Economic Area, nor do we instruct Rapidmail to engage in such transfers.
Personal Data sent through our pre-registration form is transmitted and stored using TLS encryption to Rapidmail’s servers. Such data can only be accessed with a decryption key.
3. Use of Cookies on Our Website
Cookies are small text files that are stored by your web browser when you visit a website and may contain certain information such as your IP address, information about the content you view or your preferences and settings. Cookies also help us provide you with customized content, speed navigation through our Website, and allow us to learn about your visit and your use of online services.
We use of the following cookies that will be stored on your device and subsequently accessed:
Cookie Name
Purpose, Source Domain and Description
Cookie Type
Legal Basis
Retention Period
XSRF-TOKEN
Cookie used for security purposes
Essential
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
Session
hs
Cookie used for security purposes
Essential
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
Session
svSession
Cookie used in connection with the website user login
Essential
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
12 months
SSR-caching
Cookie used to indicate the system used to render the website
Essential
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
1 minute
_wixCIDX
Cookie used for system monitoring/troubleshooting
Essential
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
3 months
_wix_browser_sess
Cookie used for system monitoring/troubleshooting
Essential
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
Session
consent-policy
Cookie used for cookie banner parameters
Essential
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
12 months
smSession
Cookie used to identify logged in website members
Essential
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
Session
TS*
Cookie used for security and anti-fraud purposes
Essential
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
Session
bSession
Cookie used for measuring system performance
Essential
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
30 minutes
fedops.logger.X
Cookie used for measuring system performance
Essential
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
12 months
wixLanguage
Cookie used on multilingual websites to store the user's language settings
Functional
Art. 6(1), sentence 1, lit. f GDPR (legitimate interests)
12 months
4. Changes to this Pre-Registration Notice
New legal requirements, corporate decisions or technical developments may lead to changes to this Pre-Registration Notice and require us to adapt this Pre-Registration Notice accordingly. You will always find the current version on our pre-registration website. Please note that external links to third-party websites or their contact information may change over time. If you find any information that is outdated, please let us know.
DATA PRIVACY STATEMENT REGARDING OUR SOCIAL MEDIA APPEARANCES
I. Responsible persons with regard to joint control in social media
360X AG, Neue Rothofstraße Nr. 13-19, 60313 Frankfurt am Main, Germany, E-Mail: info@360x.com, Homepage: www.360x.com is maintaining appearances in the following social media:
• LinkedIn: https://de.linkedin.com/company/360xag
• Medium: https://medium.com/@360X
• Twitter: https://twitter.com/360X_AG
Therefore, we use the services of:
• LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland and LinkedIn Corporation, 1000 W. Maude Ave., Sunnyvale, California 94085, USA (“LinkedIn”)
• A Medium Corporation, 799 Market St FL 5 San Francisco, CA, 94103-2047, USA (“Medium”)
• Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (“Twitter”)
Pursuant to judgement of the European Court of Justice the operators of social media sites and the operators of social media services act as joint controllers. (http://curia.europa.eu/juris/document/document.jsf?text=&docid=202543&pageIndex=0&doclang=DE&mode=req&dir=&occ=first&part=1&cid=298398)
We would like to point out that you use our social media appearances and its functions in your own authority. This applies especially to the use of interactive features such as commenting on posts, sharing of posts and rating posts. In case you do not want to use social media to inform yourself about our company you may also find the information published on our website.
II. Data protection officers
Our data protection officer is:
Kemal Webersohn of Webersohn & Scholtz GmbH
If you have questions about data protection, you can contact Webersohn & Scholtz via the following email address:
or by mail:
WS Datenschutz GmbH
Dircksenstraße 51
D-10178 Berlin
https://webersohnundscholtz.de/
The data protection officer of the respective social media operator can be reached via the respective social media network:
The data privacy officer of LinkedIn can be reached via the following contact link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO
The data privacy officer of Medium can be reached via email under privacy@medium.com or the following contact link: https://help.medium.com/hc/en-us/requests/new#/360002298134/360051136954
The data privacy officer of Twitter can be reached via the following contact link: https://twitter.ethicspointvp.com/custom/twitter/forms/data/form_data.asp
III. Data processing in social media with regard to the operators of social media
When visiting our social media appearances, the social media operators may collect personal data, such as your IP address and further information gathered using cookies. Personal data will be used to provide us with statistical feedback about the use of our social media appearance. The collected personal data will be processed by the social media operator and may be transferred to countries outside the European Union. The information the operator of the respective social network receives and how it is used is described in the privacy statements of each social network. You can also find their contact information there.
Further information can be found under the following links:
LinkedIn: https://www.linkedin.com/legal/privacy-policy
Medium: https://policy.medium.com/medium-privacy-policy-f03bf92035c9
Twitter: https://twitter.com/de/privacy
As it is not conclusively and clearly stated by the social media operators, it isunknown to us in what way the social media operators use data, gathered from visits to our social media site, for their own purposes, to what extent activities on the social media site are attributed to individual users, how long the operators store this data and whether data from the social media sites is shared with third parties.
When visiting our social media appearances, the IP address of your device will be disclosed to the operator of the social network. Social media networks additionally store information on their user’s devices so that they might be able to match IP addresses to individuals.
If you are currently logged in to the respective social network as a user, you will find a cookie with your individual identifier in this social network on your device. This will allow you to understand that you visited a page and how you used it. Based on this data content or advertising can be tailored to suit you.
If you want to avoid this, you should log out of the respective social network or deactivate the function "stay logged in", delete the existing cookies on your device and stop and restart your browser. In this way, login information which you can be immediately identified by, will be deleted. This allows you to use our social media appearances without revealing your identifier. When you access interactive features of our social media appearance (like, comment, share, news, etc.), a login screen will appear. After logging in, you will be again recognizable as a specific user for the used social network.
For information on how to manage or delete existing information within the social media network, refer to the support pages listed above for each social network.
IV. Data processing with regard to our social media appearances
1. Type and scope of data processing
We may process the information you provide to us via our social media appearances, including your username and content posted through your account, to react to your messages. In addition, your published posts, reviews and comments refer to your account in the respective social network. If you mention us using “@”, “#“ or other, this mention may be published in our social media appearance with regard to your user name. In this way data you published in a social media network may be includedin our social media appearance in this network and thusly be accessible to other users of the respective social network. If you “like”, “follow” our social media appearance or interact with it in a similar way, we will be notified by the respective social media network with your username and link to your account.
We additionally do not collect and process / collect and process the following databased on your interaction with our social media appearance:
• [details of the type of data and nature, extent and purpose of processing]
2. Legal basis of data processing
The legal basis for data processing is Art. 6 para. 1 s. 1 lit. f) GDPR. Our legitimate interests are to provide information about our company and to keep in contact with our customers and prospective customers.
3. Purpose of data processing
We process personal data provided by you in this context exclusively for the purpose of customer communication and prospective customer communication. Our legitimate interest is to offer a platform where we can provide you with up-to-date informationabout our company and are able to quickly respond to your requests.
4. Duration of storage
Your data will be stored in accordance to the storage periods of the respective social media network and will be deleted whenever possible when cancelling a social media appearance.
V. Your rights
You have the following rights with respect to the personal data concerning you:
5. Right to withdraw a given consent (Art. 7 GDPR)
If you have given your consent to the processing of your data, you can withdraw it at any time. This will affect the admissibility of processing your personal data by the controller for the time after you have withdrawn your consent. To withdraw your consent, contact the controller personally or in written form.
6. Right of access (Art. 15 GDPR)
You have the right to obtain from the controller confirmation as to whether or notpersonal data concerning you are being processed by it, and, where that is the case, access to your personal data and the following information:
• The purpose of processing;
• The categories of personal data concerned;
• The recipients or the categories of recipient to whom your personal data have been or will be disclosed, in particular recipients in countries outside of the EU or international organisations;
• Where possible, the envisaged period for which your personal data will be stored, or, if not possible, the criteria used to determine that period;
• All available information on the source of your personal data;
• The existence of automated decision-making, including profiling, referred to Art. 22 Para. 1 and 4 GDPR and, in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
In the case of such a request, you must provide enough information about your identity to proof that the request concerns your own personal data.
7. Right to rectification and erasure (Art. 16, 17 GDPR)
You have the right to obtain from the controller without undue delay the rectification and completion of inaccurate personal data concerning yourself.
You may also request the deletion of your personal data if any of the following applies to you:
• The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed;
• You withdraw consent on which the processing is based according to Art. 6 Para. 1 s.1 lit. a) or Art. 9 Para. 2 lit. a) GDPR, and where there is no other legal ground of processing;
• You object to the processing pursuant to Art. 21 Para. 1 GDPR and there are no overriding legitimate grounds for the processing, or the you object to the processing pursuant to Art. 21 Para. 2 GDPR;
• The personal data have been unlawfully processed;
• The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject;
• The personal data have been collected in relation to the offer of information society services referred to in Art. 8 Para. 1.
Where the personal data has been made public and the controller is obliged to erase the personal data pursuant to Art. 17 Para. 1 GDPR, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
These rights shall not apply to the extent that processing is necessary:
• For exercising the right of freedom of expression and information;
• For compliance with a legal obligation which requires processing by Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
• For reasons of public interest in the area of public health in accordance of Art. 9 Para. 2 lit. h) and i) as well as Para. 9 Para. 3 GDPR;
• For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 Para. 1 GDPR, in so far as the right referred to above is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
• For the establishment, exercise or defence of legal claims.
8. Right to restriction of processing (Art. 18 GDPR)
You shall have the right to obtain from the controller restriction of processing where one of the following applies:
• The accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data;
• The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
• The controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
• You have objected to processing pursuant to Art. 21 Para. 1 GDPR pending the verification whether the legitimate grounds of the controller override yours.
Where processing has been restricted under the aforementioned conditions, such personal data shall, except for storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the limitation of the processing is restricted, you will be informed by the controllerbefore the restriction is lifted.
9. Right to information (Art. 19 GDPR)
If you have asserted the controller your right to rectification, deletion or restriction of data processing, the controller will inform all recipients of your personal data to correct, delete or restrict the processing of data, unless this proves impossible or involves disproportionate effort.
You also have the right to know which recipients have received your personal data.
10. Right to data portability (Art. 20 GDPR)
You have the right to receive your personal data, which you provided to a controller, in a structured, commonly used and machine-readable format. Also, you have the right to transmit those data to another controller, where
• The processing is based on consent pursuant of Art. 6 Para. 1 S.1 lit. a) GDPR or of Art. 9 Para. 2 lit. a) GDPR or is based on a contract pursuant of Art. 6 Para. 1 S. 1 lit. b) DS-GVO; and
• The processing is carried out by automated means.
In exercising your right to data portability, you have the right to obtain that personal data transmitted directly from one controller to another controller, as far as technically feasible. The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority that has been delegated to the controller.
11. Right to object (Art. 21 GDPR)
Where the controller based the processing of your personal data on a legitimate interest (Art. 6 Para. 1 S. 1 lit. f) GDPR), you may object to the processing. The same applies if the data processing is based on Art. 6 Para. 1 S. 1 lit. e).
In this case, please explain the reasons why the controller should not process your personal data. Based on this the controller will terminate or adapt the data processing or show you our legitimate reasons why the controller continues the data processing.
12. Right to lodge a complaint with supervisory authority (Art. 77 GDPR)
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you is against the infringes of the GDPR.
The supervisory authority to which the complaint has been submitted shall inform you of the status and results of the complaint, including the possibility of a judicial remedy according to Article 78 GDPR.
13. How to exercise these rights
To exercise these rights, please contact the responsible data security officer whose contact details you can find under point 2.
If you have any questions about us, you can reach us under the contact details listed under point 1.
Further information on social media networks and how you can protect your data can also be found at: https://youngdata.de.
VI. Subject to Change
We reserve the right to change this privacy policy in compliance with legal requirements.
April 2023