PRIVACY

Privacy Policy

Information according to Art. 13, 14 GDPR

1. Privacy at a Glance

The protection of your personal data is very important to us. We process your data exclusively based on legal provisions (GDPR, TKG 2025).

In this privacy policy, we inform you about the most important aspects of data processing within our website and our educational platform.

2. Data Controller

Responsible for data processing:

Bilal Bakri

Formäckerstr. 19a

90475 Nuremberg

Germany

info@bitblockfinance.de

3. Data Collection on This Website

3.1 Hosting

This website is hosted by Netlify, Inc. (San Francisco, USA).

Collected data: IP address, date and time of access, accessed pages, browser type, referrer URL.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in secure and efficient provision of our website).

Data transfer to the USA: Netlify is certified under the EU-US Data Privacy Framework.

Netlify Privacy Policy: https://www.netlify.com/privacy/

3.2 Server Log Files

The hosting provider (Netlify) automatically collects and stores information in server log files that your browser automatically transmits:

Browser type and browser version
Operating system used
Referrer URL (previously visited page)
Hostname of the accessing computer
IP address
Time of server request

This data is not merged with other data sources. The storage is based on Art. 6 para. 1 lit. f GDPR to ensure secure and stable operation of our website.

4. Firebase (Google LLC)

We use Firebase, a service by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), for the following functions:

Firebase Authentication: User login and management
Cloud Firestore: Storage of course data, progress, user profiles
Firebase Storage: Storage of uploaded files
Firebase Analytics: Usage statistics (anonymized)

Collected data: Email address, name, authentication tokens, usage behavior, course data, learning progress, IP address.

Legal basis: Art. 6 para. 1 lit. b GDPR (contract fulfillment for paid packages) and Art. 6 para. 1 lit. f GDPR (legitimate interest in providing our services).

Data transfer to the USA: Google is certified under the EU-US Data Privacy Framework.

Google/Firebase Privacy Policy: https://firebase.google.com/support/privacy

Cloudflare R2 (Video-Hosting)

Wir nutzen Cloudflare R2 für das Hosting und Streaming unserer Kursvideos.

Verarbeitete Daten: IP-Adresse, Zugriffsdaten (abgerufene Videos), technische Geräteinformationen.

Rechtsgrundlage: Art. 6 Abs. 1 lit. b DSGVO (Vertragserfüllung) und Art. 6 Abs. 1 lit. f DSGVO (berechtigtes Interesse an effizienter Medienbereitstellung).

Datenübermittlung: Die Daten werden auf Cloudflare-Servern weltweit verarbeitet. Cloudflare ist unter dem EU-US Data Privacy Framework zertifiziert.

Weitere Informationen finden Sie in der Datenschutzerklärung von Cloudflare: https://www.cloudflare.com/privacypolicy/

6. Stripe (Payment Processing)

For payment processing (Pro and Mastermind packages), we use Stripe, a payment service provider by Stripe, Inc. (510 Townsend Street, San Francisco, CA 94103, USA).

Collected data: Name, email address, billing address, payment data (credit card, SEPA, etc.), transaction data.

Legal basis: Art. 6 para. 1 lit. b GDPR (contract fulfillment) and Art. 6 para. 1 lit. c GDPR (legal obligations, e.g., invoicing).

Data transfer to the USA: Stripe is certified under the EU-US Data Privacy Framework.

Stripe Privacy Policy: https://stripe.com/de/privacy

7. Cookies

Manage Cookie Settings

You can change your cookie preferences at any time and determine which cookies we may use.

Open Settings

7.1 What Are Cookies?

Cookies are small text files that are stored on your device and saved by your browser. They allow specific information to be stored for a certain period.

7.2 What Types of Cookies Do We Use?

Necessary Cookies (always active)

These cookies are required for the basic functions of the website and cannot be disabled.

Session Cookies: For login and authentication
Security Cookies: Protection against CSRF attacks
Functional Cookies: Shopping cart, language settings

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)

Analytics Cookies (optional)

These cookies help us understand and improve the use of our website.

Firebase Analytics: Usage statistics (anonymized)
Google Analytics: Visitor behavior and traffic sources

Legal basis: Art. 6 para. 1 lit. a GDPR (consent via cookie banner)

Marketing Cookies (optional)

These cookies are used for personalized advertising.

Google Ads: Advertising network
Facebook Pixel: Remarketing
LinkedIn Insight: B2B Marketing

Legal basis: Art. 6 para. 1 lit. a GDPR (consent via cookie banner)

7.3 How Can I Manage Cookies?

You have several options to manage cookies:

Cookie Banner: On your first visit, a cookie banner appears where you can set your preferences.
Cookie Settings: Through our Cookie Settings page you can change your preferences at any time.
Browser Settings: You can block or delete cookies in your browser settings.

Note: Disabling cookies may limit the functionality of this website.

8. Storage Duration

We only store personal data for as long as necessary to fulfill the respective purposes or as required by legal retention periods.

User account data: Until account deletion
Course data and progress: Until account deletion
Payment data: 10 years (legal retention obligation under HGB/AO)
Server logs: Maximum 90 days
Video statistics (Bunny.net): 90 days

9. Your Rights (Art. 15-22 GDPR)

You have the following rights regarding your personal data:

Right to access (Art. 15 GDPR): You can request information about your stored data.
Right to rectification (Art. 16 GDPR): You can request the correction of incorrect data.
Right to erasure (Art. 17 GDPR): You can request the deletion of your data, provided there are no legal retention obligations.
Right to restriction of processing (Art. 18 GDPR): You can request the restriction of processing.
Right to data portability (Art. 20 GDPR): You can receive your data in a structured, common format.
Right to object (Art. 21 GDPR): You can object to the processing of your data for reasons arising from your particular situation.
Right to lodge a complaint (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority.

Contact for data protection inquiries:
info@bitblockfinance.de

10. Right to Withdraw Consent

If data processing is based on your consent (Art. 6 para. 1 lit. a GDPR), you have the right to withdraw consent at any time. The lawfulness of processing carried out before the withdrawal remains unaffected.

11. Data Security

We use SSL encryption (HTTPS) for transmitting sensitive data. All Firebase data is stored encrypted. Payment data is processed exclusively through Stripe and never stored on our servers.

Please note that data transmission over the internet (e.g., communication via email) may have security vulnerabilities. Complete protection of data from access by third parties is not possible.

12. Disclosure of Data to Third Parties

We only disclose your personal data to third parties if:

You have expressly consented (Art. 6 para. 1 lit. a GDPR)
It is necessary for contract fulfillment (Art. 6 para. 1 lit. b GDPR)
There is a legal obligation (Art. 6 para. 1 lit. c GDPR)

Disclosure is made exclusively to the service providers mentioned in this privacy policy (Firebase, Stripe, Bunny.net, Netlify).

13. Profiling and Automated Decisions

We do not use automated decision-making including profiling according to Art. 22 GDPR.

14. Changes to the Privacy Policy

We reserve the right to adapt this privacy policy to reflect changes in the legal situation or changes to our services and data processing. The current privacy policy can always be found on this page.

Important Notice Regarding DeFi Investments

BitBlock Finance is a purely educational platform. We do not provide investment advice or asset management. Investments in DeFi and cryptocurrencies are highly risky and can result in total loss. All investment decisions are made at your own responsibility.

As of: December 2025