Privacy policy

Privacy Policy for the website cryptohall24.com

1. Joint Controllers
This website is operated by two joint controllers within the meaning of Art. 26 GDPR:

Dürr Solutions GmbH
Von-Thünen-Straße 10, 59069 Hamm, Germany
Managing Director: Frederik Dürr
Commercial register: Hamm Local Court (Amtsgericht Hamm), HRB 11144
VAT ID: DE361633601
Function: Hosting and technical operation of the website

Dürr Distribution GmbH
Von-Thünen-Straße 10, 59069 Hamm, Germany
Managing Director: Frederik Dürr
Commercial register: Hamm Local Court (Amtsgericht Hamm), HRB 11809
VAT ID: DE454271703
Function: Hardware sales, distribution, infrastructure and consulting

Phone: +49 2381 3391970
E-mail: info@cryptohall24.com

Cryptohall24 is a brand of Dürr Ventures GmbH and is jointly used by the two aforementioned companies. In an agreement pursuant to Art. 26 GDPR, both companies have determined which of them fulfils which obligations under the General Data Protection Regulation. Essence of the agreement: Dürr Solutions GmbH is responsible for the technical operation and hosting of the website, Dürr Distribution GmbH for processing relating to hardware sales, distribution, infrastructure and consulting. Irrespective of this, you may exercise your rights as a data subject vis-à-vis either of the two entities. The central point of contact for all data protection matters is info@cryptohall24.com.

2. General information
The protection of your personal data is important to us. Personal data is any data that can be used to identify you personally. This privacy policy explains which data we collect when you visit this website and in the course of initiating and performing a business relationship, for what purpose we use it, and on what legal basis this is done.

Please note that data transmission over the internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

3. Hosting
We host the content of our website with the following provider: Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA.

When you visit our website, Webflow records various log files including your IP address. Processing may take place on servers in the USA. The transfer to the USA is safeguarded by appropriate guarantees (see section 13).

The use of Webflow is based on Art. 6(1)(f) GDPR. We have a legitimate interest in presenting our website as reliably as possible. Where consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG insofar as the consent covers the storage of information on the end device. The consent can be revoked at any time.

We have concluded a data processing agreement with the provider.

4. Server log files
When the website is accessed, information is automatically stored in so-called server log files, which your browser transmits automatically. These are in particular:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
This data is not merged with other data sources. Collection is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the technically error-free presentation and security of our website. The log files are stored only for as long as required for these purposes and are then deleted. Insofar as storage takes place with our hosting provider, the duration is governed by their specifications.

5. Cookies and consent management (consent tool)
Our website uses cookies and similar technologies. Cookies are small data packets that are stored on your device. Technically necessary cookies are required for the website to function; their legal basis is Art. 6 (1) (f) GDPR and Section 25 (2) TDDDG.

We only deploy non-essential cookies and services (in particular analytics, personalisation, advertising and embedded content) after you have given your consent via our consent banner. To manage your consent, we use the consent management tool CookieScript. The provider is Objectis, UAB, Laisvės str. 60, LT-05120 Vilnius, Lithuania; processing takes place within the European Union. The tool stores your selection in a cookie so that it does not have to be requested again on your next visit, and also controls Google Consent Mode, through which Google services are only activated after you have given your consent. You can revoke or change your consent at any time with effect for the future by reopening the cookie settings via the cookie icon at the bottom left of the website. The legal basis for the consent is Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG.

6. Contact and forms
6.1 Contact form and inquiries
If you contact us via a form on the website, by e-mail, telephone or messenger, we process the data you provide (e.g. name, company, e-mail address, telephone number and the content of the inquiry) in order to handle your request. The data collected via forms is stored in our customer relationship management system for further processing. The legal basis is Art. 6(1)(b) GDPR insofar as your inquiry is connected with the initiation or performance of a contract. In all other cases, processing is based on our legitimate interest in responding to inquiries (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR).

6.2 Processing in the CRM (Zoho CRM)
To manage contacts, inquiries and the business relationship, we use the CRM system of Zoho Corporation; for European customers the contracting party is Zoho Corporation B.V., Netherlands. The data is processed in a data centre within the European Union. We have concluded a data processing agreement with the provider. The legal basis is Art. 6(1)(b) and (f) GDPR.

6.3 E-mail communication (Microsoft 365)
For e-mail communication we use Microsoft 365 (Microsoft Ireland Operations Ltd. / Microsoft Corporation), in particular Outlook. When you contact us by e-mail, we process the resulting data in order to handle your request and for communication. A data processing agreement is in place with Microsoft. The legal basis is Art. 6(1)(b) and (f) GDPR.

6.4 Contact via WhatsApp (Business)
You can also contact us via WhatsApp (Business). The provider is WhatsApp Ireland Limited, a company of the Meta group. When you write to us via WhatsApp, your telephone number and the content of your message are processed; in doing so, metadata may also be transmitted to Meta and transferred to third countries (e.g. the USA). We use WhatsApp Business exclusively for communication with persons wishing to make contact. The legal basis is Art. 6(1)(b) GDPR or your consent through actively making contact (Art. 6(1)(a) GDPR).

6.5 Customer area / dashboard
‍For registered customers we provide a protected customer area or dashboard. The application required for this is operated via the service provider Fly.io (Fly.io, Inc., USA). In this area we process the data required to perform the contract, in particular your access, master and contract data. Processing may take place on servers in the USA; the transfer is safeguarded by appropriate guarantees (see section 13). The legal basis is Art. 6(1)(b) GDPR. A data processing agreement is in place with the provider.

7. Payment processing
7.1 Bank transfer
The standard method is payment by advance payment / bank transfer to our business account. No external payment service provider is involved here. Only the payment and invoice data required for processing is processed (e.g. name, billing address, invoice amount, reference). The legal basis is Art. 6(1)(b) GDPR.

7.2 PayPal
On request, payment can be made via PayPal. The provider is PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. If you pay via PayPal, the payment data required for processing is transmitted to PayPal; the privacy terms of PayPal additionally apply. The legal basis is Art. 6(1)(b) GDPR; where consent is requested, Art. 6(1)(a) GDPR.

7.3 Payment with cryptocurrency
Payments with cryptocurrency are processed without collecting additional personal data; only the transaction and invoice data required to allocate the payment is processed. The legal basis is Art. 6(1)(b) GDPR.

8. Newsletter
If you wish to subscribe to the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Registration takes place using the double opt-in procedure.We use Zoho Campaigns, a service of Zoho Corporation (for European customers: Zoho Corporation B.V., Netherlands), to send the newsletter. In addition, we continue to process existing data of newsletter recipients with the service provider rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg, Germany. We have concluded a data processing agreement with both providers.The data entered is processed exclusively on the basis of your consent (Art. 6(1)(a) GDPR). You can revoke your consent to the storage of the data and to the sending of the newsletter at any time, for example via the unsubscribe link in the newsletter. After unsubscribing, your e-mail address is deleted from the distribution list, unless statutory retention obligations prevent this.

9. Analytics and marketing tools
The following services are used only if you have previously given your consent via the consent banner. The legal basis in each case is Art. 6(1)(a) GDPR and Section 25(1) TDDDG. The consent can be revoked at any time.

9.1 Google Tag Manager
We use Google Tag Manager (container ID GTM-5HHVFN93), a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags. The tool itself does not collect personal data, but enables the triggering of further tags which may in turn collect data.

9.2 Google Analytics
We use Google Analytics (measurement ID G-325WN6LJ72), a web analytics service of Google Ireland Limited. Google Analytics uses cookies and similar technologies that enable an analysis of the use of the website. The information generated about your use of this website may be transmitted to and stored on Google servers, including in the USA. IP addresses are shortened by Google during collection and are not stored permanently.

9.3 Webflow Optimize (formerly Intellimize)
To optimise and personalise our website (A/B testing and content adaptation) we use Webflow Optimize (formerly Intellimize), a service of Webflow, Inc., USA. Usage data is processed in order to evaluate which variants of our pages perform better.

9.4 Google Ads and conversion tracking
We advertise our offers via Google Ads, a service of Google Ireland Limited. For measuring success, conversion tracking may be used which, with the help of cookies, records whether users perform certain actions on our website after clicking on an ad. Integration generally takes place via Google Tag Manager.

10. Embedded third-party functions and content
10.1 YouTube
We embed videos from the YouTube platform. The provider is Google Ireland Limited. We use YouTube in extended data protection mode (youtube-nocookie). Data is only transmitted to YouTube once you start a video. Integration takes place after your consent (Art. 6(1)(a) GDPR, Section 25(1) TDDDG).
10.2 Spam Protection: Cloudflare Turnstile and Google reCAPTCHA
To protect our forms against automated submissions (spam and bots), we use two services.

Cloudflare Turnstile is a service provided by Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA. Turnstile uses technical characteristics (e.g. browser and connection information) to determine whether an input originates from a human or an automated program. There is no cross-site tracking of users, and the service does not use any advertising cookies.

Google reCAPTCHA is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. reCAPTCHA analyses the behaviour of website visitors on the basis of various characteristics (e.g. IP address, time spent on the page, mouse movements) in order to detect automated submissions. The analysis runs in the background.

Both services serve the security of our website and the protection of our forms against abuse and are technically required for this purpose. The legal basis is our legitimate interest in preventing spam and abuse (Art. 6 (1) (f) GDPR) in conjunction with Section 25 (2) TDDDG. Processing may take place on servers in the USA; the transfer is safeguarded by appropriate guarantees (see Section 13).

10.3 Elfsight
For interactive functions on our website (in particular live chat and appointment booking) we use widgets from the provider Elfsight (Elfsight LLC, registered outside the EU). When the widget loads and when chat or appointment booking is used, data (e.g. the information you enter and technical connection data) may be transmitted to the provider’s servers. Integration takes place after your consent (Art. 6(1)(a) GDPR, Section 25(1) TDDDG).

10.4 Wized
To provide dynamic content and functions (in particular the customer area) we use the service Wized, a service of Finsweet. When loading, data is transmitted to the provider’s servers. Integration takes place after your consent (Art. 6(1)(a) GDPR, Section 25(1) TDDDG).

10.5 Social media presences and links
On our website you will find links to our presences on LinkedIn, Instagram, Facebook and X (Twitter). These are simple links; data is only transmitted to the platforms once you actively click the respective link and switch to the platform. The respective provider is responsible for the processing on the platforms themselves.

10.6 Customer reviews
On our website we embed customer reviews provided by third parties (in particular Trustpilot, ProvenExpert and/or Google reviews). When the respective review widget loads, data may be transmitted to the provider’s servers; integration takes place partly via the Elfsight widget (see 10.3) and after your consent.

11. Recipients and processors
We only pass on personal data where this is necessary for the performance of a contract, where we are legally obliged to do so, where you have given your consent, or where the disclosure is based on a legitimate interest. We have carefully selected the service providers that process data on our behalf (e.g. hosting, CRM, newsletter dispatch, payment processing, IT services) and have placed them under contractual obligations in accordance with Art. 28 GDPR.

11.1 Shipping service providers
To deliver ordered hardware, we pass on the data required for shipping (name, delivery address, and where applicable telephone number / e-mail address for shipment tracking) to the commissioned shipping company. We generally ship with DHL (DHL Group / Deutsche Post AG), and in individual cases with UPS (United Parcel Service Deutschland S.à r.l. & Co. OHG). The legal basis is Art. 6(1)(b) GDPR.

11.2 Credit checks
When concluding transactions, we may in individual cases carry out a credit check for security purposes and transmit data to Creditreform for this purpose. We do not permanently store any data from the credit agency. The legal basis is our legitimate interest in minimising the risk of payment default (Art. 6(1)(f) GDPR) or the initiation of a contract (Art. 6(1)(b) GDPR). Insofar as the data relates exclusively to legal entities (company data), the scope of the GDPR does not apply.

12. Storage period
Unless a more specific storage period has been stated within this policy, your personal data will remain with us until the purpose for the data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent, your data will be deleted unless statutory retention periods (in particular commercial and tax law periods of up to ten years) prevent this. In the latter case, deletion takes place after these periods expire.

13. Transfer to third countries
Some of the services we use process data outside the European Union. Services based in or processing data in the USA include in particular Webflow (including Webflow Optimize, formerly Intellimize), the Google services including Google Ads and Google reCAPTCHA, Cloudflare (Turnstile), Fly.io and Wized. For these transfers to the USA, we ensure an adequate level of data protection, either through the provider's certification under the EU-US Data Privacy Framework or through the conclusion of the EU Commission's Standard Contractual Clauses together with supplementary safeguards.

The Elfsight live chat and appointment booking widget is provided by a provider based outside the EU. Where this provider is based in a country covered by an adequacy decision of the EU Commission, the transfer is safeguarded on that basis; otherwise, it is safeguarded by the EU Commission's Standard Contractual Clauses.

Where providers process data exclusively in data centres within the European Union (in particular Zoho and CookieScript), no third-country transfer takes place.

14. No automated decision-making
Automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you within the meaning of Art. 22 GDPR does not take place.

15. Your rights as a data subject
Within the framework of the statutory provisions, you have the right at any time to:
- Information about the data stored about you (Art. 15 GDPR)
- Rectification of inaccurate data (Art. 16 GDPR)
- Erasure of your data (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Objection to the processing (Art. 21 GDPR)
Revocation of consent: You can revoke consent you have given at any time with effect for the future. The lawfulness of the processing carried out until revocation remains unaffected.

Right to object: Insofar as data processing is based on Art. 6(1)(f) GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing.

To exercise your rights, an informal message to info@cryptohall24.com is sufficient.

Right to lodge a complaint with the supervisory authority: You have the right to lodge a complaint with a data protection supervisory authority. The authority responsible for us is: State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (LDI NRW), Kavalleriestraße 2-4, 40213 Düsseldorf, poststelle@ldi.nrw.de

16. SSL / TLS encryption
For security reasons and to protect the transmission of confidential content, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address bar of the browser changes from "http://" to "https://".

17. Validity and amendments to this privacy policy
This privacy policy corresponds to the status stated above. As our website develops or due to changed statutory or regulatory requirements, it may become necessary to amend this privacy policy. The respective current version can be accessed on this page at any time.

In the event of discrepancies between the German and English versions, the German version shall prevail.

Version: 5 June 2026