Amtsgericht Hamburg, HRB 160429
Thomas Schmeling
Mail: info@cryptostruct.com
DE327585705
Thomas Schmeling, Sachsenstraße 5, 20097 Hamburg
The European Commission provides a platform for Online Dispute Resolution (ODR), which you can find at https://ec.europa.eu/consumers/odr. We are not obliged or prepared to participate in a dispute resolution procedure before a consumer arbitration board in accordance with the Ordinance on Online Dispute Resolution in Consumer Matters and the Consumer Dispute Resolution Act.
This privacy policy explains how CryptoStruct GmbH processes personal data when you use this website (data.cryptostruct.com), including the customer account and the purchase of market-data files.
A data protection officer is not legally required for our company (Art. 37(1) GDPR in conjunction with § 38 BDSG) and has therefore not been appointed. You can reach us regarding data protection at the address above or at info@cryptostruct.com.
a) When you visit the website (server log files)
When you access this website, your browser automatically transmits information to our server, which we store temporarily in log files:
We process this data to ensure a reliable connection, to keep the website easy to use, to evaluate system security and stability, and for other administrative purposes. The legal basis is Art. 6(1)(f) GDPR; our legitimate interest follows from the purposes listed above. We do not use this data to draw conclusions about your person. Log files are stored only temporarily and are deleted automatically once they are no longer required for the purposes set out above.
b) When you create an account and sign in (Clerk)
To let you create a customer account and sign in, we use the authentication service Clerk, provided by Clerk, Inc. (USA). In this context we process your email address, your name (where provided), authentication identifiers and session data. The purpose is to provide and secure the account you requested. The legal basis is Art. 6(1)(b) GDPR (performance of the user relationship) and, for the strictly necessary session cookies, Art. 6(1)(f) GDPR (secure operation of the login). Clerk processes this data on our behalf as a processor under a data processing agreement (Art. 28 GDPR). Data may be transferred to the USA; an adequate level of protection is ensured through Clerk’s certification under the EU-US Data Privacy Framework and/or the EU Standard Contractual Clauses. Further information: Clerk’s privacy policy.
c) When you place an order and pay (Stripe)
When you purchase historical market-data files, we process the data required to perform the contract: your name, email address, billing address, the items ordered, your order and purchase history, and invoice data. Payment is processed by Stripe. When you proceed to checkout, you are redirected to a secure checkout page hosted by Stripe; we do not receive or store your full payment-card details. The payment service provider for customers in the EU is Stripe Payments Europe, Ltd. (Ireland); payment data may also be processed by Stripe, Inc. in the USA. The purpose is to process your order and payment and to comply with our legal accounting and tax obligations. The legal basis is Art. 6(1)(b) GDPR (performance of the purchase contract) and Art. 6(1)(c) GDPR (legal retention obligations). Transfers to the USA are safeguarded by the EU-US Data Privacy Framework and/or the EU Standard Contractual Clauses. Further information: Stripe’s privacy policy. We retain invoice and accounting data for the statutory retention periods (in particular §§ 257 HGB, 147 AO — up to ten years).
We do not transfer your personal data to third parties other than for the purposes listed below. We disclose your personal data to third parties only if: you have given your express consent (Art. 6(1)(a) GDPR); disclosure is necessary for the establishment, exercise or defence of legal claims (Art. 6(1)(f) GDPR) and no overriding interest of yours prevails; we are under a legal obligation to disclose (Art. 6(1)(c) GDPR); or it is legally permissible and necessary for the performance of a contract with you (Art. 6(1)(b) GDPR). The service providers named in this policy (Clerk, Stripe) process data on this basis to provide the account and payment functions you request.
We use cookies only where they are strictly necessary to provide the website and its essential functions. We do not use statistics/analytics cookies, marketing or advertising cookies, cross-site tracking, or third-party media embeds that set cookies. For this reason, no cookie consent banner is required.
The essential cookies are set by our authentication service (Clerk) to establish and maintain your login session and protect it against misuse (in particular session and CSRF/handshake cookies). They are only meaningful in connection with the account function you request and contain no advertising or cross-site tracking identifiers.
The legal basis for storing and accessing these strictly necessary cookies is § 25(2) no. 2 TDDDG (storage strictly necessary to provide a telemedia service explicitly requested by the user); the associated processing of personal data rests on Art. 6(1)(f) GDPR and, for the account, Art. 6(1)(b) GDPR.
Most browsers accept cookies automatically; you can configure your browser to refuse cookies or to warn you before one is stored. Disabling essential cookies may mean you cannot sign in or use all functions of this website.
Note: when you are redirected to Stripe’s checkout page to pay, Stripe may set its own cookies on Stripe’s domain. This is governed by Stripe’s privacy policy and does not concern cookies on our website.
As described in section 2, some of our processors (Clerk, Inc. and Stripe, Inc.) are located in the USA. Where personal data is transferred there, an adequate level of protection is ensured by the recipients’ certification under the EU-US Data Privacy Framework and/or the EU Standard Contractual Clauses.
Under the conditions set out in the GDPR you have the right to:
Where your personal data is processed on the basis of legitimate interests (Art. 6(1)(f) GDPR), you have the right to object pursuant to Art. 21 GDPR on grounds relating to your particular situation, and at any time where the processing is for direct marketing. An email to info@cryptostruct.com is sufficient to exercise your right to withdraw consent or to object.
We use the TLS (Transport Layer Security) procedure during your visit, with the highest level of encryption supported by your browser, together with appropriate technical and organisational measures to protect your data against accidental or intentional manipulation, loss, destruction, or unauthorised third-party access. These measures are continuously improved in line with technological developments.
This privacy policy is currently valid and dated June 2026. As our website and offerings develop, or due to changed legal or regulatory requirements, it may become necessary to amend it. The current version is always available at https://data.cryptostruct.com/imprint.