Date: 17.04.2023

The following privacy policy informs you about the personal data that Senken GmbH, Lottumstrasse 15, 10119 Berlin (" Senken “) processes in the context of your use of the website and our platform at " https://www.senken.io/ “ together "Platform“) and your use of other communication channels (email, phone) to contact us. We inform you about the respective legal basis, purpose, and manner in which we process your personal data. In addition, we inform you about your rights in this context and the duration of storage.

Personal data means any data that can be used to personally identify you or make you identifiable. This includes, for example, data such as your name, address, or phone number, as well as an online identifier.

• Responsible Party and Data Protection Officer

  Responsible party according to Art. 4 No. 7 GDPR for the processing of personal data is:

  Senken GmbH
  Lottumstrasse 15
  10119 Berlin
  Deutschland
  
  contact@senken.io
  

  For the exercise of your rights or for further information, please contact our data protection officer at the following contact details:
  
  contact@senken.io

• Processing purposes and legal basis for data processing in detail
  • a. Server log files when accessing the platform

    When you visit our platform, your browser automatically sends certain information to the server of our platform. This information is automatically collected and stored in so-called "server log files" or "log files" each time you access our platform. These include:

    • The IP address of your computer,
    • The operating system of your computer (if applicable),
    • The type of browser you are using (Firefox, Google Chrome, etc.) and its version,
    • The request of your browser,
    • The time of this request,
    • The status of the request,
    • The amount of data transferred in the context of this request,
    • DThe date and time of access,
    • The URL of the website from which you accessed our platform (referrer URL),
    • The URL of the website you accessed via our platform.

    The temporary storage of IP addresses by the system is necessary to enable delivery of the platform to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session. The storage of log files is done to ensure the functionality of the platform: these data are processed to identify and rectify errors of the platform, to determine the load of the platform or to make improvements, and to ensure the security of our information technology systems. These purposes also represent our legitimate interest in data processing pursuant to Art. 6 para. 1 lit. f GDPR. This also constitutes the legal basis for data processing. There is no consolidation of this data with other data sources, nor is an evaluation of the data for marketing purposes carried out.

    The access data collected in the context of using our platform will only be stored for the period required to achieve the above-mentioned purposes. Your IP address will be stored on our web server for a maximum of 15 days for IT security purposes.

  • b. Contact Form/Contacting us via Email

    If you contact us via the contact form or by email, your message including the contact information provided by you will be stored for the purpose of processing and answering your request as well as for possible follow-up questions. We will not disclose this information to third parties, unless it is necessary for the processing and answering of your request or you have given us your express consent.

    If you contact us within the scope of an existing contractual relationship or contact us for information about our platform and services, the data and information provided by you will be processed for the purpose of processing and answering your request in accordance with Art. 6 (1) sentence 1 lit. b GDPR. Otherwise, the processing is carried out to protect our legitimate interests in accordance with Art. 6 (1) sentence 1 lit. f GDPR in order to properly respond to customer or contact inquiries.

    The following personal data will be processed in this context:

    • First name, last name (optional)
    • Email address
    • Message content

    In addition, any other personal data transmitted in the content of the message will be stored. Only you can influence which data this concerns.

    At the time of sending the message, the following data will also be stored:

    • Date and time of contact.

    Your data will be stored with us until the purpose for data processing no longer applies. This is usually the case after your request has been completed. Mandatory legal provisions, in particular retention periods, remain unaffected.

• Registration and use of the platform
  • a. Registration

    On our platform, we offer you the possibility to register and create a profile. We use the Web3Auth service from the service provider Torus Labs Private Limited, 8A Jalan Klapa, Singapore. If you register via Web3Auth with your social media account, we process your first and last name as well as your email address. If you register via email, we only process your email address.

    If you register with an external wallet on MetaMask (ConsenSys Software Inc., 49 Bogart St APT 22 Brooklyn, NY, 11206-3840 United States), we do not process any further information. We only receive confirmation from MetaMask that you have a wallet there. With this wallet, you can use the platform. We do not store or process your personal data from the wallet, but only display this data on the platform.

    You can choose a profile picture and a profile name in your profile on the platform if you wish. You can delete these at any time yourself.

    The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b GDPR, fulfillment of a contract or pre-contractual obligations.

    To transfer funds via bank transfer, you are required to verify your account through a KYC process with our third-party provider, Prime Trust ( https://www.primetrust.com/ )) and Persona Technologies, Inc ( https://withpersona.com/ ). To initiate this process, you will need to acknowledge and sign an agreement with both Prime Trust and Persona. We do not store any of the data/documentation that you provide during the KYC process for any other purposes than forwarding it to Prime Trust and Persona, except for your email address, which we store as a link to your account details. This is to enable us to send you email notifications when actions regarding the transfer of funds are processed.

    You can find information about the processing of personal data by Torus Labs Private Limited here: https://web3auth.io/docs/legal/privacy-policy

    You can find information about the processing of personal data by MetaMask here: https://consensys.net/privacy-policy/

    You can find information about the processing of personal data by Prime Trust here: https://www.primetrust.com/legal/privacy-policy

    You can find information about the processing of personal data by Persona Technologies, Inc here: https://withpersona.com/privacy

  • b. Location

    When accessing the platform, we store the IP address of your computer to obtain information about your location. This data is stored to ensure the security of the platform and will be deleted within 14 days. The legal basis for processing this data is Art. 6 para. 1 lit. f GDPR.

  • c. Deletion of your data

    We do not store your personal data and information about your transactions, but simply display the data stored on the blockchain through the platform. Therefore, we cannot delete your data on the blockchain.

• Exchange on the platform

  Transactions via our platform are not stored by us but only on the blockchain. The platform only provides a function through which transactions can be displayed. You can view your transactions on the platform or directly on the blockchain.

  We use the service Alchemy, Alchemy Insights, Inc., 542 Brannan Street, San Francisco, CA 94107, USA, which allows us to make requests to the blockchain server-side. It is an interface through which the platform accesses the infrastructure. Senken does not transmit any personal data in this regard, but rather displays existing data on the blockchain within the platform.

  We have an integration with the service MoonPay by MoonPay PTE Limited, 100 Peck Sheah Street, #07-07, PS100, Singapore for allowing users to send money to their accounts on the blockchain. We do not process any data that arises during this exchange via MoonPay and also have no access to it.

  Information on the processing of personal data by Alchemy Insights, Inc. can be found here: https://www.alchemy.com/policies/terms

  Information on the processing of personal data by MoonPay can be found here: https://www.moonpay.com/legal/privacy_policy

  Users are provided with the opportunity to exchange tokenized CO2 credits for cryptocurrencies with each other on the platform. This is done through interactions with smart-contracts on the Blockchain. We do not process any data that arises during this exchange. The exchange, together with the address associated to the user will be traced on the blockchain.

• Use of service providers by senken
  We use the following service providers:
  • a. Hosting

    As part of hosting, we use the services of Amazon Web Services Europe Sarl ("AWS"), which is based in Luxembourg. AWS acts as a data processor for us in accordance with Art. 28 GDPR. Processing of personal data only takes place for our purposes and on our instructions. In addition, data hosted by AWS is encrypted. In this context, information is only transmitted to servers in the Frankfurt am Main region and stored there.

    The aforementioned processing of your data serves the purpose of providing the technical infrastructure necessary to provide our services through the storage service.

    The data will be deleted as soon as it is no longer necessary for the purpose of its collection.

    Information about the processing of personal data by AWS can be found here: hhttps://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice__German_Translation.pdf

  • b. Carbon Rating

    We also use the services of BeZero, Discovery House, 28-42 Banner Street, London EC1Y 8QE, UK, on the platform to display information on Carbon Rating. This only involves the display of content from BeZero. No personal data is transmitted to BeZero.

    Information about the processing of personal data by BeZero can be found here: https://bezerocarbon.com/other/BeZero Carbon - Privacy Policy.pdf

  • b. Google Analytics

    We use Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States.

    We have activated the IP anonymization feature on this website. Your IP address will be truncated within the European Union or the European Economic Area before being transmitted to the United States. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and truncated there. Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing them other services relating to website activity and internet usage.

    The legal basis for the use of Google Analytics is Art. 6 (1) (f) GDPR. Our legitimate interests in using this service are to analyze and optimize our website for the benefit of our users and visitors.

    You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en

    For more information about Google's privacy policy, please visit https://policies.google.com/privacy

• Social media presence

  We have a presence on various social media platforms, which are listed below. We use our social media presence to inform about our range of services and to communicate with (potential) users. When you visit these sites, we are jointly responsible with the operator for data processing. However, we only have partial influence on the corresponding data processing operations. Personal data that you publish on social media platforms can be used for market research and advertising purposes.

  • a. Twitter

    The following information applies to the processing of data in connection with the use of the senken Twitter page, which can be accessed at https://twitter.com/senken_io (hereinafter referred to as the "Twitter page").

    In addition to this information, please also note Twitter's privacy policy. In particular, information about the processing of data by Twitter in connection with interactions with the Twitter page, information on the legal basis and purposes of processing personal data, as well as information on data deletion and storage periods at Twitter can be found here:
    https://twitter.com/de/privacy

    Twitter fulfills all obligations under the GDPR with regard to the processing of analytics data. We do not make any decisions regarding the processing of analytics data, and all other information arising from Art. 13 GDPR is provided only by Twitter Analytics.

    The contact details of Twitter are:

    Twitter International Company
    One Cumberland Place
    Fenian Street
    Dublin 2
    D02 AX07
    Ireland

    Contact details of the data protection officer of Twitter International Company
    https://twitter.ethicspointvp.com/custom/twitter/forms/data/form_data.asp

    The data protection supervisory authority for Twitter is:
    Data Protection Commission
    21 Fitzwilliam Square South
    Dublin 2, D02 RD28
    Ireland
    +353 578 684 800
    +353 761 104 800
    Online form: https://forms.dataprotection.ie/contact

    To exercise their rights as data subjects against Twitter, users follow this link: https://twitter.ethicspointvp.com/custom/twitter/forms/data/form_data.asp

    In interactions between the user and the Twitter page, Senken processes the following personal data of the user:

    • Public profile information of the user;
    • In tweets and retweets, personal data provided therein;
    • In replies to tweets, personal data provided therein;
    • When tagging people in photos;

    Through Twitter Analytics (analytics services for the use and interaction with Twitter pages), further statistical data of the users is processed by Twitter. Twitter does not provide any personal data to senken. We only receive numerical evaluations from Twitter on the use and interaction of users with the Twitter page.

    We process personal data of the users to safeguard our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR. These are the following purposes:

    • Evaluation of the analyses and statistics of the Twitter page created and provided by Twitter with regard to the interaction by users with the Twitter page.
    • Communication and interaction via the Twitter page initiated by users.

    We do not have access to the personal data processed by Twitter in the context of analytics.

  • b. LinkedIn

    The following information applies to data processing in the context of using the Senken LinkedIn page, which can be accessed at https://vc.linkedin.com/company/senken (hereinafter referred to as the "LinkedIn page").

    Please also refer to LinkedIn's privacy policy. Information on data processing by LinkedIn in interactions with the LinkedIn page, the legal bases and purposes of processing personal data, and information on data deletion and storage periods at LinkedIn can be found here: https://de.linkedin.com/legal/privacy-policy

    If Senken and LinkedIn are joint controllers under Art. 26 (1) GDPR, the agreement concluded between Senken and LinkedIn, which can be accessed at the following link, shall apply:
    https://legal.linkedin.com/pages-joint-controller-addendum

    The contact details of LinkedIn are:
    LinkedIn
    Ireland
    Unlimited Company
    Wilton Place
    Dublin 2
    Ireland

    The contact details of the Data Protection Officer of LinkedIn Ireland Unlimited Company are available at:
    https://www.linkedin.com/help/linkedin/ask/TSO-DPO

    The data protection supervisory authority for LinkedIn is:
    Data Protection Commission
    21 Fitzwilliam Square South
    Dublin 2,
    D02 RD28
    Ireland
    +353 578 684 800
    +353 761 104 800

    Online form:
    https://forms.dataprotection.ie/contact

    To exercise the data subject rights against LinkedIn, users can follow this link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO
    Senken processes the following personal data of users in interactions with the LinkedIn page:

    • Public profile information of the user;
    • Personal data indicated in posts;
    • Personal data indicated in comments;
    • Personal data indicated in messages sent to Senken via LinkedIn;
    • Additional user data is processed through LinkedIn Insights (analytical services for the use and interaction with LinkedIn pages). Senken does not receive any personal data from LinkedIn. Senken only receives numerical evaluations from LinkedIn regarding the use and interaction of users with the LinkedIn page. Further information on the processing of insights data in interactions with the LinkedIn page can be found here: https://legal.linkedin.com/pages-joint-controller-addendum

    We process personal data of users for the purpose of fulfilling contracts concluded with the users or for the performance of pre-contractual measures (Art. 6 (1) lit. b GDPR). Personal data is provided to us when users:

    • Ask questions about the services and offerings of Senken via the LinkedIn page, or
    • request other information about Senken via the LinkedIn page.

    The type of processed data depends on the data that the user provides to Senken. Typically, this includes the following data:

    • First name, last name
    • Salutation
    • Employer
    • Position
    • City, country
    • Personal data provided by the user in the course of contact.

    We also process personal data of users to safeguard our legitimate interests (Art. 6 (1) lit. f GDPR). These are the following purposes:

    • Evaluation of analyses and statistics of the LinkedIn page created and provided by LinkedIn regarding user interaction with the LinkedIn page.
    • Improvement of the LinkedIn page in terms of user-friendliness and attractiveness as well as the implementation of marketing measures.
    • Communication and interaction through the LinkedIn page opened by users.

    We have no access to the personal data processed by LinkedIn in the context of insights, but only to those included in the aggregated page insights. These are the following evaluations, each for a specific period:

    • Current followers of the LinkedIn page (with current workplace, date of following, location, job function, length of service, industry, company size)
    • Breakdown of visitors with time of website visit, job function, location, length of service, industry, and company size.

    Other statistical data of members and visitors of LinkedIn are processed. LinkedIn does not provide us with any further personal data. We only receive numerical evaluations from LinkedIn on the use and interaction of users with the LinkedIn page.

    Other statistical data of members and visitors of LinkedIn are processed. LinkedIn does not provide us with any further personal data. We only receive numerical evaluations from LinkedIn on the use and interaction of users with the LinkedIn page. LinkedIn fulfills all obligations under the GDPR with regard to the processing of Insights data. We do not make any decisions regarding the processing of Insights data and all other information arising from Art. 13 GDPR. These are only provided by LinkedIn. Information on the legal basis and purposes of processing personal data by LinkedIn, as well as the essential elements of the Insights addendum, can be found here:

    • LinkedIn privacy policy: https://de.linkedin.com/legal/privacy-policy

    Information on page Insights: https://legal.linkedin.com/pages-joint-controller-addendum

• No disclosure of personal data

  We generally do not disclose your personal data beyond the processing activities described, unless you have consented to the data disclosure or we are authorized or required to disclose data due to legal provisions and/or official or judicial orders. This may include, in particular, the provision of information for the purposes of criminal prosecution, hazard prevention or enforcement of intellectual property rights.

• Rights of data subjects
  You have the following rights with regard to your personal data processed by senken, which you can assert against senken:
  • Right of access: You can request information in accordance with Art. 15 GDPR about your personal data processed by senken.
  • Right to rectification: If the information concerning you is incorrect or incomplete, you have the right under Art. 16 GDPR to request that it be corrected or completed.
  • Right to erasure: You can request the erasure of your personal data in accordance with Art. 17 GDPR.
  • Right to restriction of processing: You have the right to request restriction of the processing of your personal data in accordance with Art. 18 GDPR.
  • Right to object to processing: You have the right to object at any time, for reasons relating to your particular situation, to the processing of your personal data carried out on the basis of Art. 6(1)(e) or (f) GDPR, in accordance with Art. 21(1) GDPR. In this case, senken will not further process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or if the processing serves the establishment, exercise or defense of legal claims (Art. 21(1) GDPR). You also have the right under Art. 21(2) GDPR to object at any time to the processing of personal data concerning you for direct marketing purposes, including profiling to the extent that it is related to such direct marketing. senken will inform you of your right to object in this privacy policy in connection with the respective processing. senken does not conduct any profiling.
  • Right to withdraw consent: If you have given your consent to processing, you have the right to withdraw your consent at any time with effect for the future. This means that your withdrawal will not affect the lawfulness of processing carried out before you withdrew your consent. You do not have to give reasons for your withdrawal. A simple email to contact@senken.io is sufficient.
  • Right to data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format ("data portability"), and have the right to transmit those data to another controller where the conditions set out in Art. 20(1)(a), (b) GDPR are met (Art. 20 GDPR).

  You can assert your rights by notifying the contact details mentioned in section 1 or the data protection officer also mentioned there.

  If data subjects believe that the processing of their personal data violates data protection law, they also have the right under Art. 77 GDPR to lodge a complaint with a supervisory authority of their choice. This also includes the data protection supervisory authority responsible for senken:

  The Hessian Commissioner for Data Protection and Freedom of Information
  Postfach 3163
  65021 Wiesbaden
  Phone: +49 611 1408 – 0
  poststelle@datenschutz.hessen.de