Value

Services

Process

Contact Us

Contact Us

Value

Services

Process

Privacy Policy

Preamble

With the following Privacy Policy, we would like to inform you about the types of your personal data (hereinafter also referred to simply as “data”) that we process, for what purposes, and to what extent. This Privacy Policy applies to all processing of personal data carried out by us, both in the course of providing our services and, in particular, on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as the “Online Offer”).
 The terms used are gender-neutral.

Last updated: 20 July 2025

Table of Contents

Preamble
Controller
Overview of Processing Activities
Relevant Legal Bases
Security Measures
Rights of Data Subjects
Business Services
Payment Processing
Provision of the Online Offer and Web Hosting
Use of Cookies
Online Marketing
Social Media Presences
Amendment and Update
Definitions

 

Controller

Svyatoslav Bugaev
Case B Blockchain Security Services
Schönhauser Allee 163, 10435 Berlin, Germany
Email: contact@caseb.org
Telephone: +49 176 55458537

 

Overview of Processing Activities

The following overview summarises the types of data processed, the purposes of processing, and references the affected groups of data subjects.

Types of Data Processed

  • Identification data

  • Payment data

  • Contact data

  • Content data

  • Contract data

  • Usage data

  • Metadata, communication, and procedural data

  • Log data

Categories of Data Subjects

  • Service recipients and clients

  • Interested parties (prospective clients)

  • Users

  • Business and contractual partners

Purposes of Processing

  • Provision of contractual services and fulfilment of contractual obligations

  • Communication

  • Security measures

  • Reach measurement (analytics)

  • Tracking

  • Office and organisational procedures

  • Conversion measurement

  • Audience/target group creation

  • Organisational and administrative procedures

  • Feedback

  • Marketing

  • Profiles with user-related information

  • Provision of our Online Offer and user-friendliness

  • Information technology infrastructure

  • Public relations

  • Business processes and economic/operational procedures

 

Relevant Legal Bases

Legal bases under the GDPR

Below you will find an overview of the legal bases under the GDPR on which we process personal data. Please note that, in addition to the GDPR, national data protection regulations may apply in your or our country of residence or establishment. Where more specific legal bases apply in individual cases, we will inform you of these in this Privacy Policy.

  • Consent (Art. 6(1)(a) GDPR) — The data subject has given consent to the processing of their personal data for one or more specific purposes.

  • Performance of a contract and pre-contractual enquiries (Art. 6(1)(b) GDPR) — Processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract.

  • Legal obligation (Art. 6(1)(c) GDPR) — Processing is necessary for compliance with a legal obligation to which the controller is subject.

  • Legitimate interests (Art. 6(1)(f) GDPR) — Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests, fundamental rights, and freedoms of the data subject requiring the protection of personal data.

National data protection regulations in Germany

In addition to the GDPR, national data protection regulations apply in Germany. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains specific provisions, in particular on the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and transfers as well as automated decision-making in individual cases, including profiling. The data protection laws of the individual German federal states may also apply.

 

Security Measures

In accordance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as varying likelihood and severity of risks to the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, disclosure, availability safeguards, and separation of data. We have also implemented procedures to ensure the exercise of data subject rights, the deletion of data, and responses to threats to data. Furthermore, we take the protection of personal data into account when developing and selecting hardware, software, and procedures in accordance with the principle of data protection by design and by default.

Securing online connections via TLS/SSL encryption technology (HTTPS)

To protect user data transmitted via our online services from unauthorised access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are cornerstones of secure data transmission on the Internet. These technologies encrypt information transmitted between the website or app and the user’s browser (or between two servers), protecting the data from unauthorised access. TLS, the more advanced and secure successor to SSL, ensures that all data transmissions meet the highest security standards. When a website is protected by an SSL/TLS certificate, this is indicated by “HTTPS” in the URL, serving as an indicator to users that their data is transmitted securely and in encrypted form.

 

Rights of Data Subjects

Under the GDPR, data subjects have various rights, which arise in particular from Articles 15 to 21 GDPR:

  • Right to object: You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on those provisions. Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.

  • Right to withdraw consent: You have the right to withdraw consent at any time.

  • Right of access: You have the right to request confirmation as to whether personal data concerning you is being processed, and access to that data, as well as further information and a copy of the data in accordance with legal requirements.

  • Right to rectification: You have the right to request the completion of your data or the correction of inaccurate personal data concerning you.

  • Right to erasure and restriction of processing: You have the right to request that personal data concerning you be erased without undue delay or, alternatively, to request restriction of processing, in accordance with legal requirements.

  • Right to data portability: You have the right to receive personal data concerning you that you have provided to us in a structured, commonly used, machine-readable format, or to request its transmission to another controller, in accordance with legal requirements.

  • Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

 

Business Services

We process data of our contractual and business partners, e.g., customers and interested parties (collectively referred to as “contract partners”), within the scope of contractual and comparable legal relationships and related measures, and with regard to communication with contract partners (including prior to entering into a contract), such as responding to enquiries.

We use this data to fulfil our contractual obligations. This includes, in particular, obligations to provide the agreed services, any update obligations, and remedies in the event of warranty claims and other service disruptions. Furthermore, we use the data to safeguard our rights and for administrative tasks associated with these obligations and organisational purposes. In addition, we process the data on the basis of our legitimate interests in proper and economically sound business operations and in security measures to protect our contract partners and our business operations from misuse, risks to their data, secrets, information, and rights (e.g., involving telecommunications, transport, and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers, or financial authorities). Within the scope of applicable law, we only disclose contract partner data to third parties to the extent necessary for the above purposes or to comply with legal obligations. Contract partners will be informed about further forms of processing, such as for marketing purposes, within this Privacy Policy.

We inform contract partners which data is required for these purposes before or at the time of collection, e.g., in online forms, by specific markings (e.g., colours) or symbols (e.g., asterisk), or in person.

We delete data after the expiry of statutory warranty and comparable obligations, generally after four years, unless the data is stored in a customer account, e.g., as long as it must be retained for statutory archiving purposes (e.g., for tax purposes generally ten years). Data disclosed to us by contract partners in the context of an assignment is deleted in accordance with the requirements and generally after the end of the assignment.

Processed data types: identification data (e.g., full name, address, contact details, customer number, etc.); payment data (e.g., bank details, invoices, payment history); contact data (e.g., postal and email addresses or telephone numbers); contract data (e.g., subject matter, term, customer category).
 Data subjects: service recipients and clients; interested parties; business and contractual partners.
 Purposes of processing: provision of contractual services and fulfilment of contractual obligations; communication; office and organisational procedures; organisational and administrative procedures; business processes and economic/operational procedures.
 Retention and deletion: deletion in accordance with the section “General information on data retention and deletion”.
 Legal bases: performance of a contract and pre-contractual enquiries (Art. 6(1)(b) GDPR); legal obligation (Art. 6(1)(c) GDPR); legitimate interests (Art. 6(1)(f) GDPR).

 

Payment Processing

Within the scope of contractual and other legal relationships, due to legal obligations or on the basis of our legitimate interests, we offer efficient and secure payment options and, in addition to banks and credit institutions, use other service providers (collectively, “payment service providers”). Payment transactions are carried out exclusively via encrypted connections in accordance with the state of the art, so that the entered data is protected from unauthorised access during transmission.

Data processed by payment service providers includes identification data (e.g., name and address), bank data (e.g., account or credit card numbers), passwords, TANs, checksums, and contract-, amount-, and recipient-related information. This information is required to process transactions. However, the entered data is only processed and stored by the payment service providers. This means we do not receive account- or credit-card-related information, but only information confirming or rejecting payment. In some cases, payment service providers may transmit data to credit reference agencies. This transmission serves identity and creditworthiness checks. In this regard, we refer to the terms and conditions and privacy notices of the payment service providers.

Payment transactions are subject to the terms and privacy notices of the respective payment service providers, which can be accessed on their websites or transaction applications. We also refer to these for further information and for exercising rights of withdrawal, access, and other data subject rights.

Processed data types: identification data; payment data; contract data; usage data; metadata, communication, and procedural data.
 Data subjects: service recipients and clients; business and contractual partners; interested parties.
 Purposes of processing: provision of contractual services and fulfilment of contractual obligations; business processes and economic/operational procedures.
 Retention and deletion: deletion in accordance with the section “General information on data retention and deletion”.
 Legal bases: performance of a contract and pre-contractual enquiries (Art. 6(1)(b) GDPR); legitimate interests (Art. 6(1)(f) GDPR).

Additional information on processing activities, procedures, and services:
 PayPal: Payment services (technical integration of online payment methods) (e.g., PayPal, PayPal Plus, Braintree); provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg; legal bases: Art. 6(1)(b) GDPR; website: https://www.paypal.com/de; privacy policy: https://www.paypal.com/de/legalhub/paypal/privacy-full.

 

Provision of the Online Offer and Web Hosting

We process user data in order to provide our online services. For this purpose, we process the user’s IP address, which is necessary to deliver the content and functions of our online services to the user’s browser or device.

Processed data types: usage data; metadata, communication, and procedural data; log data; content data.
 Data subjects: users (e.g., website visitors, users of online services).
 Purposes of processing: provision of our Online Offer and user-friendliness; IT infrastructure; security measures.
 Retention and deletion: deletion in accordance with the section “General information on data retention and deletion”.
 Legal basis: legitimate interests (Art. 6(1)(f) GDPR).

Additional information on processing activities, procedures, and services:
 Provision of the Online Offer on rented hosting resources: we use storage space, computing capacity, and software from a server provider (“web host”); legal basis: Art. 6(1)(f) GDPR.
 Collection of access data and log files: access is logged via “server log files”, which may include requested pages/files, date/time, data volume, success messages, browser type/version, operating system, referrer URL, IP address, and requesting provider. These log files are used for security (e.g., DDoS protection) and to ensure server stability; legal basis: Art. 6(1)(f) GDPR. Log file retention: up to 30 days, then deleted or anonymised. Data required as evidence is excluded from deletion until the incident is fully clarified.
 Email sending and hosting: hosting services may include sending, receiving, and storing emails. Recipient/sender addresses, transmission-related information, and email content may be processed; data may also be processed to detect spam. Emails are generally not end-to-end encrypted; they may be encrypted in transit but not necessarily on the sending/receiving servers; we cannot assume responsibility for the transmission path between sender and receipt on our server; legal basis: Art. 6(1)(f) GDPR.

 

Use of Cookies

The term “cookies” refers to functions that store information on users’ devices and read information from them. Cookies may be used for various purposes, such as functionality, security, convenience of online offers, and analysis of visitor flows. We use cookies in accordance with legal requirements. Where required, we obtain users’ consent in advance. Where consent is not required, we rely on our legitimate interests. This applies where storing and reading information is essential to provide explicitly requested content and functions, such as storing settings and ensuring functionality and security. Consent can be withdrawn at any time. We provide clear information about the scope and the cookies used.

Notes on legal bases: whether we process personal data via cookies depends on consent. If consent is given, it is the legal basis. Without consent, we rely on our legitimate interests as described above and in the context of the respective services and procedures.

Storage duration:
 Temporary cookies (session cookies) are deleted when the user leaves an online offer and closes the device (e.g., browser or mobile app).
 Persistent cookies remain stored after the device is closed; for example, to store login status or display preferred content when the user visits again; usage data collected via cookies may be used for reach measurement. Unless we provide explicit details about cookie type and duration, users should assume cookies are persistent and may be stored for up to two years.

General information on withdrawal and objection (opt-out): users may withdraw consent at any time and may also object to processing in accordance with legal requirements, including via their browser privacy settings.

Processed data types: metadata, communication, and procedural data.
 Data subjects: users.
 Legal bases: legitimate interests (Art. 6(1)(f) GDPR); consent (Art. 6(1)(a) GDPR).

Additional information on processing activities, procedures, and services:
 Consent management: we use a consent management solution to obtain, record, manage, and enable withdrawal of consent for cookies and similar technologies. Consent declarations are stored to avoid repeated prompts and to provide evidence of consent. Storage may take place server-side and/or via an opt-in cookie or comparable technologies. Unless provider-specific information is available, consent may be stored for up to two years and linked to a pseudonymous user identifier along with timestamp, scope of consent, and device/browser information; legal basis: consent (Art. 6(1)(a) GDPR).

 

Online Marketing

We process personal data for online marketing purposes, including the marketing of advertising space or the display of promotional and other content (“content”) based on users’ potential interests and for measuring its effectiveness.

For these purposes, user profiles may be created and stored in a file (a “cookie”) or similar procedures used, enabling the storage of information relevant to the display of such content. This may include viewed content, visited websites, used online networks, communication partners, and technical information such as the browser used, the computer system, as well as usage times and used functions. If users have consented to the collection of location data, this may also be processed.

Users’ IP addresses are also stored. However, we use available IP masking methods (pseudonymisation by shortening the IP address) to protect users. In general, no clear personal data (e.g., email addresses or names) is stored within online marketing processes, but pseudonyms. This means that we and the providers of online marketing processes do not know the actual identity of users, but only the information stored in their profiles.

The statements in profiles are typically stored in cookies or via similar procedures. These cookies may also be read later on other websites that use the same online marketing process, analysed for content display purposes, supplemented with additional data, and stored on the server of the online marketing provider.

In exceptional cases, clear data may be assigned to profiles, primarily when users are members of a social network whose online marketing process we use and the network links user profiles with the aforementioned information. Please note that users may enter into additional agreements with providers, for example by giving consent during registration.

We generally only receive aggregated information about the success of our advertisements. However, as part of conversion measurement, we can check which of our online marketing processes has led to a “conversion”, e.g., the conclusion of a contract with us. Conversion measurement is used solely to analyse the success of our marketing measures.

Unless otherwise stated, please assume that cookies used are stored for a period of two years.

Notes on legal bases: where we ask users for consent for third-party providers, the legal basis is consent. Otherwise, user data is processed on the basis of our legitimate interests (interest in efficient, economical, and user-friendly services). In this context, we also refer to the information on cookies in this Privacy Policy.

Notes on withdrawal and objection: we refer to the privacy notices of the respective providers and the opt-out options specified by those providers. If no explicit opt-out option is provided, you may disable cookies in your browser settings; however, functions of our Online Offer may then be restricted. We additionally recommend the following general opt-out options:
 Europe: https://www.youronlinechoices.eu
 Canada: https://youradchoices.ca/
 USA: https://optout.aboutads.info/
 Cross-territory: https://optout.aboutads.info

Processed data types: usage data; metadata, communication, and procedural data.
Data subjects: users.
Purposes of processing: reach measurement; tracking; audience creation; marketing; profiles with user-related information; conversion measurement.
Retention and deletion: deletion in accordance with the section “General information on data retention and deletion”; cookies may be stored for up to two years.
Security measures: IP masking.
Legal bases: consent (Art. 6(1)(a) GDPR); legitimate interests (Art. 6(1)(f) GDPR).

Additional information on processing activities, procedures, and services:
Google Ads and conversion measurement: provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; legal bases: consent (Art. 6(1)(a) GDPR), legitimate interests (Art. 6(1)(f) GDPR); website: https://marketingplatform.google.com; privacy policy: https://policies.google.com/privacy; basis for third-country transfers: Data Privacy Framework (DPF); further information: https://business.safety.google/adsservices/; controller terms and SCCs: https://business.safety.google/adscontrollerterms.
 LinkedIn Insight Tag: provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; legal basis: consent (Art. 6(1)(a) GDPR); website: https://www.linkedin.com; privacy policy: https://www.linkedin.com/legal/privacy-policy; cookie policy: https://www.linkedin.com/legal/cookie_policy; DPA: https://www.linkedin.com/legal/l/dpa; basis for third-country transfers: DPF and SCCs (https://legal.linkedin.com/dpa); opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

 

Social Media Presences

We maintain online presences within social networks and, in this context, process user data in order to communicate with users active there or to provide information about us.

Please note that user data may be processed outside the European Union. This may entail risks for users, e.g., because enforcing user rights may be more difficult.

Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, usage profiles may be created based on user behaviour and resulting interests. These profiles may, in turn, be used to place advertisements within and outside the networks that presumably correspond to users’ interests. Therefore, cookies are typically stored on users’ computers, in which user behaviour and interests are stored. In addition, data may also be stored in usage profiles independently of the devices used by users (especially if users are members of the respective platforms and are logged in).

For a detailed presentation of the respective processing activities and opt-out options, we refer to the privacy policies and information provided by the operators of the respective networks.

We also note that requests for information and the exercise of data subject rights can be enforced most effectively with the providers, as only they have access to user data and can directly take appropriate measures and provide information. If you still need assistance, you may contact us.

Processed data types: contact data; content data; usage data.
 Data subjects: users.
 Purposes of processing: communication; feedback; public relations.
 Retention and deletion: deletion in accordance with the section “General information on data retention and deletion”.
 Legal basis: legitimate interests (Art. 6(1)(f) GDPR).

Additional information on processing activities, procedures, and services:
 LinkedIn: We are jointly responsible with LinkedIn Ireland Unlimited Company for the collection (but not further processing) of visitor data used to generate “Page Insights” (statistics) for our LinkedIn profiles. Such data includes information about the types of content users view or interact with and actions they take; device details such as IP address, operating system, browser type, language settings, and cookie data; and profile information such as job function, country, industry, seniority, company size, and employment status. LinkedIn’s privacy information: https://www.linkedin.com/legal/privacy-policy.
 We have concluded a specific agreement with LinkedIn Ireland (“Page Insights Joint Controller Addendum”: https://legal.linkedin.com/pages-joint-controller-addendum) regulating, in particular, the security measures LinkedIn must observe and LinkedIn’s commitment to fulfil data subject rights. Users may submit access or deletion requests directly to LinkedIn. Joint controllership is limited to the collection and transfer of data to LinkedIn Ireland Unlimited Company (EU). Further processing, including transfer to LinkedIn Corporation in the USA, is carried out solely by LinkedIn Ireland Unlimited Company; provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; legal basis: legitimate interests (Art. 6(1)(f) GDPR); opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

 

Amendment and Update

We ask you to regularly inform yourself about the content of our Privacy Policy. We adapt the Privacy Policy as soon as changes to our data processing make this necessary. We will inform you as soon as any changes require your cooperation (e.g., consent) or other individual notification.

If we provide addresses and contact information of companies and organisations in this Privacy Policy, please note that these addresses may change over time and we ask you to verify the information prior to contacting them.

 

Definitions

This section provides an overview of the terms used in this Privacy Policy. Where terms are legally defined, those statutory definitions apply. The explanations below are intended primarily to aid understanding.

Identification data: identification data includes essential information required for the identification and management of contract partners, user accounts, profiles, and similar assignments (e.g., names, contact details, dates of birth, user IDs).
 Content data: information generated in the creation, editing, and publication of content (e.g., texts, images, videos, audio files) including related metadata (tags, descriptions, authorship, publication dates).
 Contact data: information that enables communication with individuals or organisations (telephone numbers, postal addresses, email addresses, social media handles, messenger identifiers).
 Conversion measurement: a method for determining the effectiveness of marketing measures, typically involving storing a cookie on user devices and retrieving it again on the target website.
 Metadata, communication, and procedural data: data describing context, origin, and structure of other data (metadata), exchanges between users via various channels (communication data), and processes within systems/organisations (procedural data), including audit logs.
 Usage data: information capturing how users interact with digital products/services (page views, time spent, click paths, frequency, timestamps, IP address, device information, location data), used for analytics, optimisation, personalisation, and improvement.
 Personal data: any information relating to an identified or identifiable natural person (“data subject”).
 Profiles with user-related information: any automated processing of personal data to analyse, evaluate, or predict personal aspects (e.g., interests, behaviour, demographics); cookies and web beacons are often used.
 Log data: information about events/activities recorded in a system/network (timestamps, IPs, user actions, errors), used for troubleshooting, security monitoring, and reporting.
 Reach measurement (web analytics): analysis of visitor flows and behaviour/interests to adapt content; pseudonymous cookies/web beacons are often used.
 Tracking: monitoring user behaviour across multiple online offers; information is typically stored in cookies or on provider servers and used, for example, for interest-based advertising.
 Controller: the natural or legal person, public authority, agency, or other body which, alone or jointly, determines the purposes and means of processing personal data.
 Processing: any operation performed on personal data, whether or not by automated means (collection, analysis, storage, transmission, deletion, etc.).
 Contract data: information documenting the terms and conditions of an agreement (parties, services/products, duration, pricing, payment terms, termination, extensions, special clauses).
 Payment data: information necessary to process payment transactions (bank details, credit card data, amounts, transaction details, verification codes, invoices, payment status).
 Audience creation (custom audiences/lookalike audiences): creating target groups for advertising based on interests/behaviour; cookies/web beacons are typically used.

Case B Blockchain Security Services

Schönhauser Allee 163, 10435 Berlin, Germany

contact@caseb.org

Navigation

Value

Services

Process

Legal

Privacy Policy

Legal Notice

© Case B. All rights reserved. 2025