Privacy Policy

We – (“nxtAssets” or “we”) – would like to inform you about how we process your personal data in accordance with the General Data Protection Regulation (“GDPR”).

We take the protection of your personal data very seriously. We treat your data confidentially and in accordance with the statutory data protection regulations and this Privacy Policy.

When you use this website, visit our social media pages or contact us, various types of personal data may be collected, i.e. data with which you can be personally identified. This Privacy Policy explains what data we collect, how we collect it and for what purpose.

I. General information

1. Data controller

The data processing described in this Privacy Policy is carried out by or on behalf of nxtAssets. The controller pursuant to the GDPR and other national data protection laws and regulations is:

nxtAssets GmbH
Neue Mainzer Strasse 66–68
60311 Frankfurt
Registered at Frankfurt Local Court, HRB 134562
Tel. +49 (0)69 46 00 3412
info@nxtassets.com

2. Data protection officer

We have appointed a data protection officer. You can reach our data protection officer at:

nxtAssets GmbH
– Data Protection Officer –
Neue Mainzer Strasse 66–68
60311 Frankfurt
info@nxtassets.com

3. Collection of your data

How is your data collected?

Some data is collected when you provide it to us, for example by email. Other data is collected automatically or with your consent when you visit the website. This mainly comprises technical data (e.g. browser type, operating system, time of page access). This data is collected automatically when you enter the website.

What do we use your data for?

Part of the data is collected to ensure error-free provision of the website. Other data is used to respond to your enquiries. When you visit this website, your surfing behaviour may be statistically analysed using analytics tools. You can find detailed information about these tools below in this Privacy Policy.

Where do we process your data?

Your data is processed exclusively in an EU member state, a contracting state of the EEA or in a third country for which the European Commission has issued an adequacy decision in accordance with Art. 45 GDPR.

How long do we store your data?

Unless a specific retention period is mentioned in this Privacy Policy, your personal data will remain with us until the purpose for processing no longer applies. If you request erasure or revoke consent, your data will be erased unless there are other legally permissible reasons (e.g. retention obligations).

4. Legal basis for data processing

  • Consent: Art. 6(1)(a) GDPR
  • Contract or pre-contractual measures: Art. 6(1)(b) GDPR
  • Legal obligations: Art. 6(1)(c) GDPR
  • Legitimate interests: Art. 6(1)(f) GDPR

The specific legal basis for each case is detailed in the relevant section below.

5. Recipients of personal data

We may share data with external parties in the course of our business. This occurs only when legally permitted or based on contracts for data processing. In cases of joint processing, a joint controller agreement is concluded.

6. Data subject rights

If we process your personal data, you have the following rights under the GDPR:

  • Right to access, rectification and erasure
  • Right to restrict processing
  • Right to data portability
  • Right to revoke consent
  • Right to object to processing, including direct marketing
  • Right to lodge a complaint with a supervisory authority

7. Data security

We use appropriate technical and organisational measures to protect your data. Our website uses SSL/TLS encryption for secure data transmission. You can recognise encrypted connections by the lock icon and “https://” in your browser address bar.

(Continued in next message…)

II. Data processing on this website

8. Website hosting and log files

Our website is hosted by:

netcup GmbH
Daimlerstrasse 25
76185 Karlsruhe
Privacy policy: https://www.netcup.com/en/contact/data-privacy

We have signed a data processing agreement with netcup to ensure GDPR-compliant handling of personal data.

When you access our website, netcup automatically collects the following data:

  • Name and URL of the accessed file
  • Browser type and version
  • Operating system
  • Referrer URL
  • Date and time of access
  • IP address
  • Status codes and transferred data volume

This data is collected under Art. 6(1)(f) GDPR based on our legitimate interest in website security, smooth operation and usability. Log data is deleted after 14 days unless needed for legal or security reasons.

9. Cookies

We use cookies to improve website functionality. These may be:

  • First-party cookies (set by us)
  • Third-party cookies (set by external providers)

Types of cookies:

  • Session or functional cookies: keep navigation elements open, provide help texts
  • Language or region settings cookies: remember your preferences

You can configure your browser to accept or block cookies. Session cookies are deleted when you close your browser; others expire based on individual lifespans. Cookies are used in accordance with Art. 6(1)(f) GDPR.

10. Analytics and advertising tools

10.1 Google Tag Manager

Used based on your consent (Art. 6(1)(a) GDPR and Section 25(1) of the German Telecommunications Digital Services Data Protection Act (TDDDG)). Does not store personal data but loads tools that might. IP address may be transmitted to the US under the EU-US Data Privacy Framework. More: https://www.dataprivacyframework.gov/participant/5780

10.2 Google Analytics

Used based on consent (Art. 6(1)(a) GDPR and Section 25(1) of the German Telecommunications Digital Services Data Protection Act (TDDDG)). Anonymised IP addresses within the EU. Stores data for 14 months. Opt-out via: https://tools.google.com/dlpage/gaoptout?hl=en-GB
More information: https://support.google.com/analytics/answer/6004245?hl=en-GB

10.3 Google conversion tracking

Used based on consent (Art. 6(1)(a) GDPR and Section 25(1) of the German Telecommunications Digital Services Data Protection Act (TDDDG)). Helps measure ad effectiveness. No personal identification. More information: https://policies.google.com/privacy?hl=en-GB

11. Consent and cookie manager (Borlabs)

We use Borlabs Cookie to manage cookie consent. Your preferences are saved in your browser. Data is not transferred to Borlabs. Legal basis: Art. 6(1)(c) GDPR.
More information: https://borlabs.io/kb/what-information-does-borlabs-cookie-store /

III. Data when communicating with us

12. Enquiries by post, email or phone

We process your enquiry and related data (name, message, address, phone, email) under:

  • Art. 6(1)(b) GDPR (contract-related communication)
  • Art. 6(1)(f) GDPR (legitimate interest)
  • Art. 6(1)(a) GDPR (with consent, if applicable)

Data is deleted after your request is resolved unless retention is required by law.

Delivery requests

If you request physical delivery of cryptocurrency, your data will be processed and shared with involved parties under Art. 6(1)(b) GDPR.

13. Email and file storage (hagel IT)

We use hagel IT-Services GmbH (Spaldingstrasse 64-68, 20097 Hamburg) and Microsoft services to store enquiries. Data is stored in EU data centres.
More information: https://www.hagel-it.de/datenschutz.html

14. Microsoft 365

Used for email communication and file storage. Data is stored in EU data centres by Microsoft Ireland.
More information: https://privacy.microsoft.com/en-gb/privacystatement

15. Microsoft Teams

Used for video/audio conferencing. Processes user data, technical data, recordings, chat messages, shared files etc. Only used with your consent. Data is deleted when no longer needed.
More information: https://privacy.microsoft.com/en-gb/privacystatement

If meetings are recorded or transcribed, you will be informed in advance. Participation is still possible without audio/video input if you do not consent to recording.

IV. Social media – LinkedIn

We operate a company page on LinkedIn. Joint data controller with:

LinkedIn Ireland Unlimited Company
Wilton Place, Dublin 2, Ireland
Joint Controller Addendum: https://legal.linkedin.com/pages-joint-controller-addendum

LinkedIn provides us with anonymous “Page Insights.” We do not control cookie storage duration or user profile data.
LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy
LinkedIn Security: https://security.linkedin.com/

V. Contact/information

All requests and questions regarding your data can be sent to:

Email: info@nxtassets.com
Post:
nxtAssets GmbH
– Data Protection Officer –
Neue Mainzer Strasse 66–68
60311 Frankfurt

Last updated: February 2025