- Privacy Policy
- General Terms and Conditions

Status: 19.12.2022 We are very pleased about your interest in our company. The use of our website is possible without any indication of personal data. However, if a data subject wants to use special services of our enterprise via our website, processing of personal data could become necessary. If processing of personal data is necessary and if there is no legal basis for such processing, we will generally obtain the consent of the data subject. The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation, and in accordance with the country-specific data protection regulations applicable to us. By means of this data protection declaration, our company would like to inform the public about the type, scope and purpose of the personal data we collect, use and process. Furthermore, by means of this data protection declaration, data subjects are informed about the rights to which they are entitled. As the controller, we have implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-based data transmissions can always have security vulnerabilities, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.

Definition of terms


The data protection declaration is based on the terms used by the European Directive and Ordinance when adopting the General Data Protection Regulation (DS-GVO). Our data protection declaration should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance. We use the following terms, among others, in this privacy policy:

- a) personal data

Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

- b) Person concerned

Data subject is any identified or identifiable natural person whose personal data are processed by the controller.

- c) Processing

Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

- d) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

- e) Profiling

Profiling is any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.

- f) Pseudonymization

Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

- g) Controller or person responsible for the processing

The controller or controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.

- h) Processor

Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller.

- i) Receiver

A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.

- j) Third

Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.

- k) Consent

Consent shall mean any freely given indication of the data subject's wishes for the specific case in an informed and unambiguous manner, in the form of a statement or any other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.


Name and address of the controller

The responsible party within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions with data protection character is: Tokenshelf GmbH Patrick Schier Fischertwiete 2, Chilehaus A 20095 Hamburg Germany +49 151 4035 2222 E-mail: patrick.schier@tokenshelf.io -

Cookies / SessionStorage / LocalStorage

The Internet pages partly use so-called cookies, LocalStorage and SessionStorage. This serves to make our offer more user-friendly, effective and secure. Local Storage and SessionStorage is a technology with which your browser stores data on your computer or mobile device. Cookies are text files that are placed and stored on a computer system via an Internet browser. You can prevent the use of cookies, LocalStorage and SessionStorage by making the appropriate settings in your browser. Numerous Internet pages and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters by which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the visited Internet pages and servers to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified via the unique cookie ID. Through the use of cookies, the users of this website can provide more user-friendly services that would not be possible without the cookie setting. By means of a cookie, the information and offers on our website can be optimized for the user. Cookies enable us, as already mentioned, to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website that uses cookies does not have to re-enter his or her access data each time he or she visits the website, because this is handled by the website and the cookie stored on the user's computer system. Another example is the cookie of a shopping cart in an online store. The online store remembers the items that a customer has placed in the virtual shopping cart via a cookie. The data subject can prevent the setting of cookies by our website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.


Collection of general data and information

The website collects a series of general data and information with each call of the website by a data subject or an automated system. This general data and information is stored in the log files of the server. The (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites that are accessed via an accessing system on our website can be recorded, (5) the date and time of an access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems. When using these general data and information, we do not draw any conclusions about the data subject. Rather, this information is needed (1) to deliver the contents of our website correctly, (2) to optimize the contents of our website and the advertising for these, (3) to ensure the long-term functionality of our information technology systems and the technology of our website, and (4) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. Therefore, we statistically evaluate this anonymously collected data and information on one hand, and on the other hand, with the aim of increasing the data protection and data security of our enterprise, so as to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from any personal data provided by a data subject.

Registration on our website

The data subject has the opportunity to register on the website of the controller by providing personal data. Which personal data is transmitted to the controller in the process is determined by the respective input mask used for the registration. The personal data entered by the data subject are collected and stored exclusively for internal use by the controller and for its own purposes. The controller may arrange for the data to be transferred to one or more processors, for example a parcel service provider, who will also use the personal data exclusively for an internal use attributable to the controller. By registering on the website of the controller, the IP address assigned by the Internet service provider (ISP) of the data subject, the date as well as the time of registration are also stored. The storage of this data takes place against the background that only in this way can the misuse of our services be prevented and, if necessary, this data makes it possible to clarify committed crimes. In this respect, the storage of this data is necessary for the protection of the data controller. As a matter of principle, this data is not passed on to third parties unless there is a legal obligation to pass it on or the passing on serves the purpose of criminal prosecution. The registration of the data subject by voluntarily providing personal data serves the purpose of the controller to offer the data subject content or services which, due to the nature of the matter, can only be offered to registered users. Registered persons are free to modify the personal data provided during registration at any time or to have it completely deleted from the data stock of the controller. The controller shall provide any data subject at any time, upon request, with information about what personal data is stored about the data subject. Furthermore, the controller shall correct or delete personal data at the request or indication of the data subject, provided that this does not conflict with any statutory retention obligations. The entire staff of the controller shall be available to the data subject as contact persons in this context.

Contact possibility via the website

Based on statutory provisions, the website contains data that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller by e-mail or by using a contact form, the personal data transmitted by the data subject will be stored automatically. Such personal data transmitted on a voluntary basis by a data subject to the controller will be stored for the purpose of processing or contacting the data subject. No disclosure of this personal data to third parties will take place.

Comment function in the blog on the website

We offer users the possibility to leave individual comments on individual blog posts on a blog, which is located on the website of the controller. A blog is a portal maintained on a website, usually publicly viewable, in which one or more persons, called bloggers or web bloggers, can post articles or write down thoughts in so-called blogposts. The blogposts can usually be commented on by third parties. If a data subject leaves a comment on the blog published on this website, in addition to the comments left by the data subject, information on the time of comment entry and the user name (pseudonym) chosen by the data subject will be stored and published. Furthermore, the IP address assigned by the Internet service provider (ISP) of the person concerned is also logged. This storage of the IP address is done for security reasons and in case the data subject violates the rights of third parties by posting a comment or posts illegal content. The storage of this personal data is therefore in the controller's own interest, so that the controller could exculpate itself if necessary in the event of an infringement. There will be no disclosure of this collected personal data to third parties, unless such disclosure is required by law or serves the legal defense of the controller.

Gravatar

For comments, the Gravatar service from Auttomatic is used. Gravatar matches your email address and - if you are registered there - displays your avatar image next to the comment. If you are not registered, no image will be displayed. It should be noted that all registered WordPress users are automatically registered with Gravatar as well. Details about Gravatar:https://de.gravatar.com
Routine deletion and blocking of personal data

The controller processes and stores personal data of the data subject only for the period necessary to achieve the purpose of storage or where provided for by the European Directive and Regulation or other legislator in laws or regulations to which the controller is subject. If the storage purpose ceases to apply or if a storage period prescribed by the European Directive and Regulation Maker or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

Rights of the data subject

- a) Right to confirmation

Every data subject shall have the right, granted by the European Directive and the Regulation, to obtain confirmation from the controller as to whether personal data concerning him or her are being processed. If a data subject wishes to exercise this right, he or she may, at any time, contact any employee of the controller.

- b) Right to information

Any person concerned by the processing of personal data has the right granted by the European Directive and Regulation to obtain at any time from the controller, free of charge, information about the personal data stored about him or her and a copy of that information. Furthermore, the European Directive and Regulation has granted the data subject access to the following information:

- the processing purposes
- the categories of personal data that are processed
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations
- if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
- the existence of a right to obtain the rectification or erasure of personal data concerning them or to obtain the restriction of processing by the controller or a right to object to such processing
- the existence of a right of appeal to a supervisory authority
- if the personal data are not collected from the data subject: All available information about the origin of the data
- the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject

Furthermore, the data subject shall have the right to obtain information as to whether personal data have been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information about the appropriate safeguards in connection with the transfer. If a data subject wishes to exercise this right of access, he or she may, at any time, contact an employee of the controller.

- c) Right to rectification

Any person affected by the processing of personal data has the right granted by the European Directive and Regulation to request the immediate rectification of inaccurate personal data concerning him or her. Furthermore, the data subject has the right to request the completion of incomplete personal data - also by means of a supplementary declaration - taking into account the purposes of the processing. If a data subject wishes to exercise this right to rectify, he or she may, at any time, contact any employee of the controller.

- d) Right to erasure (right to be forgotten)

Any person concerned by the processing of personal data has the right, granted by the European Directive and Regulation, to obtain from the controller the erasure without delay of personal data concerning him or her, where one of the following reasons applies and insofar as the processing is not necessary:

- The personal data were collected or otherwise processed for purposes for which they are no longer necessary.
- The data subject revokes the consent on which the processing was based pursuant to Art. 6(1)(a) DS-GVO or Art. 9(2)(a) DS-GVO and there is no other legal basis for the processing.

The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.The personal data have been processed unlawfully. The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.The personal data was collected in relation to information society services offered pursuant to Art. 8(1) DS-GVO. If one of the aforementioned reasons applies, and a data subject wishes to arrange for the erasure of personal data stored, he or she may, at any time, contact any employee of the controller. The employee will arrange for the deletion request to be complied with immediately. If the personal data have been made public and our company as the controller is obliged to erase the personal data pursuant to Article 17 (1) of the Data Protection Regulation, we shall implement reasonable measures, including technical measures, taking into account the available technology and the cost of implementation, to inform other data controllers which process the published personal data, that the data subject has requested from those other data controllers the erasure of all links to the personal data or copies or replications of the personal data, unless the processing is necessary. The employee will arrange the necessary in individual cases.

e) Right to restriction of processing

Any person concerned by the processing of personal data has the right, granted by the European Directive and Regulation, to obtain from the controller the restriction of processing if one of the following conditions is met:

- The accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data.
- The processing is unlawful, the data subject objects to the erasure of the personal data and requests instead the restriction of the use of the personal data.
- The controller no longer needs the personal data for the purposes of processing, but the data subject needs it for the assertion, exercise or defense of legal claims.
- The data subject has objected to the processing pursuant to Article 21(1) of the GDPR and it is not yet clear whether the legitimate grounds of the controller override those of the data subject.

If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of personal data stored, he or she may, at any time, contact any employee of the controller. The employee will arrange the restriction of the processing.

f) Right to data portability

Any person concerned by the processing of personal data has the right, granted by the European Directive and Regulation, to receive the personal data concerning him or her, which have been provided by the data subject to a controller, in a structured, commonly used and machine-readable format. He or she also has the right to transmit this data to another controller without hindrance from the controller to whom the personal data have been provided, provided that the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR and the processing is carried out using automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. Furthermore, when exercising the right to data portability pursuant to Article 20(1) of the GDPR, the data subject shall have the right to obtain that the personal data be transferred directly from one controller to another controller where technically feasible and provided that this does not adversely affect the rights and freedoms of other individuals. To assert the right to data portability, the data subject may contact us at any time.

g) Right to object

Any person affected by the processing of personal data has the right granted by the European Directive and Regulation to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her carried out on the basis of Article 6(1)(e) or (f) of the GDPR. This also applies to profiling based on these provisions. We shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the assertion, exercise or defense of legal claims. If we process personal data for the purposes of direct marketing, the data subject shall have the right to object at any time to processing of personal data for such marketing. This also applies to profiling insofar as it is related to such direct marketing. If the data subject objects to the processing for direct marketing purposes, we will no longer process the personal data for these purposes. In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the Data Protection Regulation, unless such processing is necessary for the performance of a task carried out in the public interest. In order to exercise the right to object, the data subject may directly contact any employee. The data subject is also free, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise his or her right to object by means of automated procedures using technical specifications.

h) Automated decisions in individual cases including profiling

Any data subject concerned by the processing of personal data shall have the right, granted by the European Directive and the Regulation, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, unless the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and the controller, or (2) is permitted by Union or Member State law to which the controller is subject and that law contains suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or (3) is made with the data subject's explicit consent. If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and the controller, or (2) it is made with the data subject's explicit consent, we will implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, which include at least the right to obtain the data subject's involvement on the part of the controller, to express his or her point of view and to contest the decision. If the data subject wishes to exercise the rights concerning automated decisions, he or she may, at any time, contact any employee of the controller.

i) Right to revoke consent under data protection law

Every person affected by the processing of personal data has the right granted by the European Directive and Regulation to withdraw consent to the processing of personal data at any time. If the data subject wishes to exercise the right to withdraw the consent, he or she may, at any time, contact any employee of the controller.

Legal basis of processing

Article 6 Ilit. a DS-GVO serves our company as the legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 Ilit. b DS-GVO. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services. If our company is subject to a legal obligation by which a processing of personal data becomes necessary, such as for compliance with tax obligations, the processing is based on Art. 6 Ilit. c DS-GVO. In rare cases, the processing of personal data might become necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and as a result his or her name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 Ilit. d DS-GVO. Finally, processing operations could be based on Art. 6 Ilit. f DS-GVO. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary for the protection of a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden. Such processing operations are permitted to us in particular because they were specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47 sentence 2 DS-GVO).

Legitimate interests in the processing pursued by the controller or a third party

If the processing of personal data is based on Article 6 Ilit. f DS-GVO, our legitimate interest is the conduct of our business for the benefit of the well-being of all our employees and our shareholders.

Duration for which the personal data are stored

Das Kriterium für die Dauer der Speicherung von personenbezogenen Daten ist die jeweilige gesetzliche Aufbewahrungsfrist. Nach Ablauf der Frist werden die entsprechenden Daten routinemäßig gelöscht, sofern sie nicht mehr zur Vertragserfüllung oder Vertragsanbahnung erforderlich sind.

Legal or contractual requirements to provide the personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision

We would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). Sometimes, in order to conclude a contract, it may be necessary for a data subject to provide us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with him or her. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before providing personal data by the data subject, the data subject must contact one of our employees. Our employee will explain to the data subject on a case-by-case basis whether the provision of the personal data is required by law or by contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and what the consequences of not providing the personal data would be.

Existence of automated decision-makingAs a responsible company, we do not use automated decision-making or profiling.


General terms and conditions

of Tokenshelf GmbH

for the use of the Tokenshelf App by consumers

In the following, we first describe the basic regulations regarding the contract and the use of the Tokenshelf app (I.). We will then go into the specifics of special functions (II.). In case you are not familiar with certain terms, we have included a glossary (III.).

I. General

§1 Scope(1)

These General Terms and Conditions (GTC) apply to a contract between us as the operator of the Tokenshelf App and you as our customer.

"We" in the context of these GTC are the

Tokenshelf GmbH
represented by the managing director: Patrick Schier
Fischertwiete 2, Chilehaus A
20095 Hamburg
Germany
Phone: +49 151 4035 2222
E-mail: info@Tokenshelf.io

(2) These GTC only apply to the use of the Tokenshelf App and its functions as listed in the following regulations. These functions also include, in particular, the provision of or access to third-party services. We do not offer these services in our own name, nor do we act here as a representative for the third party or you. You can recognize the services of third parties by the fact that they leave our app (e.g. continuation in the browser) or by the fact that the third party is explicitly identified. These T&Cs do not apply to contracts that are concluded directly between you and the third party in this way. If applicable, the terms and conditions of this third party apply.

(3) Our offer is directed only to persons who have their habitual residence in Germany.

§2 Registration

(1) The contract with us is concluded by registration in the Tokenshelf App, creation of a user account and subsequent confirmation by us.

(2) Registration takes place by defining a user name and a password. You are responsible for maintaining the confidentiality and safekeeping of your username and password.

(3) Any other information that we require from you as part of the registration process (including the provision of an e-mail address) must be truthful and complete.

(4) To register, you must be of legal age and have full legal capacity. In addition, registration is only possible as a natural person. Registration is personal; a user account may therefore only be used by you and your access data may not be passed on.

(5) After completing the registration, you will receive an e-mail to verify your identity for the registered user account. After carrying out the verification process, we will check your registration. We reserve the right to reject the registration and thus the conclusion of a contract. You will receive a confirmation or rejection after 48 hours at the latest.

(6) Use of the Tokenshelf App for commercial purposes is prohibited.

§3 Cancellation policy

Right of withdrawal

You have the right to cancel this contract within fourteen days without giving any reason. To exercise your right of withdrawal, you must inform us - Tokenshelf GmbH, Chilehaus A, Fischertwiete, 20095 Hamburg, Germany, phone: +49 151 4035 2222, e-mail: info@Tokenshelf.io - of your decision to withdraw from this contract by means of a clear declaration (e.g. a letter, fax or e-mail sent by post). You can use the attached sample cancellation form below, which is not mandatory.

To comply with the cancellation period, it is sufficient that you send the notification of the exercise of the right of cancellation before the expiry of the cancellation period.

Consequences of the revocation

If you cancel this contract, we will reimburse you all payments that we have received from you, including delivery costs (with the exception of additional costs resulting from the fact that you have chosen a type of delivery other than the cheapest standard delivery offered by us), without undue delay and no later than within fourteen days from the day on which we received the notification of your cancellation of this contract. For this repayment, we will use the same means of payment that you used for the original transaction, unless expressly agreed otherwise with you; in no case will you be charged for this repayment.

Premature expiration of the right of withdrawal:

The right of withdrawal expires in the case of a contract for the provision of digital content that is not on a physical data carrier if we have begun executing the contract after you have expressly agreed that we begin executing the contract before the end of the withdrawal period and you have confirmed your knowledge that you lose your right of withdrawal through your agreement with the beginning of the execution of the contract. 

Sample cancellation form

(If you want to cancel the contract, please fill out this form and send it back).

– To

Tokenshelf GmbH
Fischertwiete 2, Chilehaus A
20095 Hamburg
E-mail: info@Tokenshelf.io

– I/we (*) hereby revoke the contract concluded by me/us (*) for the purchase of the following goods (*)/provision of the following service (*)

– Ordered on (*)/received on (*)
– Name of consumer(s)- Address of consumer(s)
– Signature of the consumer(s) (only in case of notification on paper)
– Date                  

(*) Delete as applicable.   


§4 Subject matter of the contract

(1) Upon conclusion of the contract, you acquire a non-exclusive, non-transferable license for the use of the Tokenshelf App and the respective functions (User Agreement), which is limited in time to the duration of the installation.

(2) The user agreement includes the following functions in particular:

- Wallet function (for details see 12 of the GTC)
- Organization and display of usage options and benefits of NFTs (for details see 13 of the GTC);
- Access to third-party services for "minting" (Minting) and transferring NFTs as well as for the acquisition of cryptocurrencies required for this purpose (for details see 14 of the GTC).

(3) There is no obligation to permanently provide all functions of the app. Likewise, no minimum availability of the app and its functions is promised. After providing the Tokenshelf App and its functions, we therefore reserve the right to add functions or to further develop and improve existing functions at any time. For a removal of functions of the app, our regulations on termination (§ 9 number 2 of these GTC) apply accordingly.

(4) The purchase of goods, services, NFTs and cryptocurrencies is not the subject of the contract. These transactions are carried out exclusively via third-party providers whose services you can access via our app. This is done at your own risk and, if applicable, under the terms and conditions of these third parties. InApp purchases do not take place. The amount of fees to create and send NFTs is determined by the respective blockchain. Fees are only charged for associated third-party features (cryptocurrency purchases, NFT transactions).

(5) The subject of the contract is also not advice in connection with the purchase of goods, services, NFTs and cryptocurrencies. However, we would like to point out that there are significant risks in particular when trading with NFTs and cryptocurrencies.

(6) We do not manage NFTs and cryptocurrencies via the Tokenshelf App. NFTs are stored via the respective blockchain via which the NFTs were acquired. These are merely displayed graphically within the scope of our app and facilitate your own management.

§5 Your duties

(1) The use of the app is free of charge for you. A change for services in the future is only possible under the special conditions of § 9 of these GTC.

(2) You are responsible for the content of your NFTs that are managed via the Tokenshelf App. We are only responsible for NFTs that we have minted directly for you or that we have transferred directly to you.

(3) You shall ensure that your NFTs do not infringe any third-party property rights (in particular copyrights, trademark rights, patent rights, design rights or utility model rights) and do not contain any other illegal content, in particular content that glorifies violence, is racist, pornographic, violates the Youth Act or is otherwise discriminatory. We may block or remove such content on the basis of court or official orders. We may block content that infringes intellectual property rights at the request of the holder of such rights if there is no other possibility for the holder of the rights to remedy the infringement of his rights.

(4) To download and use the Tokenshelf App, you need a terminal device with the necessary hardware and firmware requirements for the operation of the Tokenshelf App as well as an Internet connection set up on it. In order to use the Tokenshelf App and to ensure security, current updates for the Tokenshelf App must always be downloaded and installed.

(5) In the event of a change to your data that you provided to us as part of the registration process, you are obligated to provide us with the current data. You must ensure the receipt of e-mails via the e-mail address provided by you so that we can make any declarations to you.

§6 Confidentiality and security

(1) Your data, in particular the blockchain addresses, public and private keys, are encrypted and securely stored locally on your device in the Tokenshelf app. Your data will not be stored by us. Private keys and other data that should only be known to you are not transferred outside the app by our app.

(2) Instead of a key, our app offers you the option of generating a uniquely assignable seed phrase that can be used instead of the key or via which it is possible to restore the key. For these seed phrases, paragraph (1) applies accordingly.

(3) The private keys and seed phrases are usually connected to the underlying blockchain used by you. This means that you can manage your NFTs outside of our Tokenshelf app if necessary, even if we should discontinue the operation of our app. However, the operation of the blockchains is not carried out by us, but by third-party providers. We are therefore not responsible for the continued existence of the blockchains and the information stored there about your NFTs or cryptocurrencies.'

(4) If you lose confidential information such as private keys or seed phrases (e.g. by deleting the app, by losing your device, etc.), you will also irretrievably lose access to the relevant NFTs and cryptocurrencies. A recovery by us is de facto not possible.

(5) If someone else gains access to your confidential information, they will have access to your NFTs and cryptocurrencies and can take them away from you irretrievably as well.

(6) You must therefore ensure in your own interest that you store and keep your information secure and confidential outside our app and also outside your device, for example on paper in a secure environment, such as in a safe.

(7) In addition, with respect to your device use, it is even more important that you make sure that no one else can access your device and, in particular, launch our app. Make sure that no one is watching you when you display private keys, seed phrases or other confidential information.

(8) Our app optionally offers the storage of confidential information (private keys, seed phrases). The storage takes place exclusively locally on your end device. The Tokenshelf app can access this information to facilitate its use. However, we do not have access to this information. We secure this information according to the current state of the art and within the scope of a security level that is appropriate for the purpose of the application (purely private use by you).

(9) For other use of blockchains, NFTs and cryptocurrency, we recommend you to use another wallet and other addresses and keys. This is possible because you can use as many keys as you want on blockchains.

(10) If you want to be on the safe side, don't use our optional confidential information storage feature. If you disable the feature later, remember to delete the app storage as well.

(11) We cannot be held liable for any loss or damage caused by your failure to follow these instructions.

§7 Liability

(1) Your claims for damages are generally excluded. Excluded from this are claims for damages by you from injury to life, limb, health or from the breach of essential contractual obligations (cardinal obligations) as well as liability for other damages that are based on an intentional or grossly negligent breach of duty by us, our legal representatives or our agents. Material contractual obligations are those whose fulfillment is necessary to achieve the objective of the contract.

(2) In the event of a breach of material contractual obligations, we shall only be liable for the foreseeable damage typical for this type of contract if such damage was caused by simple negligence, unless you are making claims for damages arising from injury to life, limb or health.

(3) The restrictions of paragraphs (1) and (2) also apply in favor of our legal representatives and vicarious agents if you assert claims directly against them.

(4) The limitations of liability resulting from paragraphs (1) and (2) do not apply insofar as we have fraudulently concealed a defect of our app or have assumed a guarantee for the quality of the item. The same applies if we have explicitly promised you a specific quality or feature of our app. The provisions of the Product Liability Act remain unaffected.

(5) As a rule, we do not store any data, as our app only offers opportunities to use third-party services. These third parties are not our vicarious agents within the meaning of the preceding paragraphs. If, in exceptional cases, we do store data, we shall only be liable for a loss up to the amount that would have been incurred to restore the data if it had been backed up properly and regularly.

§8 Limitation

(1) Claims pursuant to § 7 clause (1) of these GTC shall become time-barred within the statutory periods.

(2) Other claims arising from this contract shall become statute-barred within one year. The commencement of the limitation periods shall remain unaffected.

§9 Termination and other termination of the contract

(1) You can terminate the contract at any time by deleting your account. For this purpose, a cancellation button is available in the Tokenshelf app.

(2) We are entitled to discontinue the operation of the Tokenshelf App or to restrict individual functions in whole or in part within a period of 2 weeks.

(3) If we are unable to provide our service because it is not or no longer possible due to a lack of necessary advance services by third parties (e.g. non-provision of servers and availability of the blockchain), we are entitled to withdraw from the contract and refuse further performance. In this case, we will inform you immediately about the unavailability and its reasons. If you have provided services to us for the availability of our service, we will reimburse you immediately.

(4) Extraordinary termination for good cause shall remain unaffected by the above provisions and the other provisions of these GTC. Good cause shall be deemed to exist in particular in the event of:

- if the user provides false data;
- the use of third party rights or other illegal content in the sense of § 5 number (3) of these GTC;
- in case of repeated or continuous violation of these GTC despite requests to cease and desist or to remedy this violation.

§10 Changes to the GTC

(1) We are entitled to change the Terms of Use if there is an objective reason to do so.

(2) Factual reasons are in particular

- Changes in the legal situation or case law;
- Implementation of court decisions (judgments, orders, injunctions, etc.) or official orders;
- Further developments or extensions of the functionality of the Tokenshelf App as well as clarifications or restructuring of the Terms of Use. We will notify the user of a change in due time before the change is scheduled to take effect. If the User does not object to the change within two weeks after receipt of this notification, this shall be deemed as consent to the amended Terms of Use. We will make special reference to the significance of the objection period in the notification of the planned change;
- Adaptations of the Tokenshelf App or individual functions to the state of the art.

(3) If a user has objected to the change in the terms of use, we are entitled to terminate the user contract at the time when the change should come into force.

(4) There will be no adjustment to charge costs or to adjust costs under the foregoing provisions. If we offer the Tokenshelf App or certain functions of the Tokenshelf App for a fee in the future, we will inform you of this in advance and explicitly ask for your consent so that you can decide to continue using the App. If you do not agree or object, we are entitled to terminate the contract in accordance with the terms and conditions.
§11 Rechtswahl, Streitbeilegung, Gerichtsstand

(1) These Terms and Conditions shall be governed by the laws of the Federal Republic of Germany, excluding the UN Convention on Contracts for the International Sale of Goods and the conflict of laws rules. In addition, the mandatory consumer protection provisions of the country in which you have your habitual residence shall always apply in your favor.

(2) We are neither willing nor obliged to participate in a dispute resolution procedure before a consumer arbitration board.

(3) Legal recourse shall be governed by the statutory provisions.

II. special features of the app

§12 Wallet function

(1) Use the Tokenshelf App as a viewable and structured wallet for NFTs. The app allows you to familiarize yourself with the content and functionality of blockchains and non-fungible tokens (NFTs). The Tokenshelf app allows you to view your NFTs in a clear and structured way and sort them into albums. You can also use our app for NFTs that you have previously held in other electronic wallets or acquired elsewhere.

(2) Our Tokenshelf app allows you to store your digital keys, which you have created for one or more blockchains (e.g. Ethereum), locally on your device. The app also includes its own random number generator, which you can use to generate new keys. The app thus makes it easy for you to create, acquire, collect, send, and receive NFTs via transactions executed on the blockchain.

(3) You may use the App for private purposes. Use for commercial purposes is not permitted, including for trading NFTs or cryptocurrency (including by means of payment outside the blockchain transaction, e.g. by cash, bank transfer or use of other payment services for the transfer of an NFT).

(4) Similarly, the creation and issuance of NFTs as a means of payment or for the creation and distribution of NFTs as securities or financial instruments are not permitted. Our wallet function does not involve custody, management or the safeguarding of crypto assets or private cryptographic keys. We therefore do not act as a trading platform for investment brokerage of cryptocurrencies or cryptoassets (such as in the form of NFTs), nor do we act as an agent for a buyer or seller to acquire or dispose of such assets in the sense of a closing brokerage.

§13 Offers from our partners/upgrades from NFTs

(1) Through our app, you will be shown and offered ways to make NFTs usable. By linking NFTs with special programs, these NFTs can perform additional functions. We refer to such NFTs as "upgrades". Such upgrades can be purchased through the Tokenshelf app from third parties or outside the Tokenshelf app.

(2) In the "Partner NFTs" section, you will see upgrades from our partners that they have sent to your public blockchain address. These NFTs may include offers, options, vouchers or similar ("benefits"), which you can redeem with the respective partner via the channel communicated by him.

(3) To redeem or use the benefits, you may be redirected to a website of our partners. You may need a current browser. The terms of use or the additional terms and conditions of our partners may apply. We have no influence on the content of our partners' websites and their terms and conditions and accept no responsibility for them.

(4) These benefits apply exclusively in the relationship between you and the person who issued the relevant upgrade. We have no influence on the content of the benefits and their warranties. Therefore, we do not warrant or assume any liability that the benefit exists, is valid or can be redeemed. Similarly, we do not warrant or assume liability for any goods or services you receive in connection with a benefit from the publisher of the NFT or any third party.

(5) You will receive information on how to contact the issuer of the upgrade and redeem any benefits via the respective upgrade.

(6) If applicable, the benefits embodied in the NFTs may only be requested per NFT on a limited basis (e.g. once). As soon as the benefits have been requested accordingly and sent, future purchasers of the relevant NFT are no longer entitled to them. If you pass on such NFTs, you are obliged to point this out to the acquirer before passing them on.

§14 Transactions of NFTs

(1) You can transfer NFTs to third parties, receive NFTs from third parties or us or mine your own NFTs (transactions) via our Tokenshelf App.

(2) The transactions to be paid with your own cryptocurrency, if any, will take place exclusively outside the App on the respective blockchain. In order to transmit and receive the necessary information for the transactions, the App is connected via interfaces with third-party providers with whom we have no business relationship except for the technical use of these interfaces.

(3) In order to carry out transactions via the Tokenshelf App, you may also directly purchase cryptocurrencies from third-party providers. We have no influence on the prices and other usability of the respective cryptocurrency and assume no responsibility for this. However, we would like to point out that the value of cryptocurrencies can be subject to considerable fluctuations and can therefore represent a significant risk.

(4) Cryptocurrencies are subject to fluctuations even within a very short period of time. Although we try to keep the retrieval of the offers of the third-party providers always up to date, we cannot guarantee the continuity of the offer when the purchase process is triggered.

(5) We are not technically or financially involved in the Transactions or in the acquisition of cryptocurrencies for these Transactions ourselves and have no economic interest in them. We do not offer NFTs for purchase in the app itself or acquire NFTs from you or other users of the app. At most, it may happen that we transfer NFTs to you free of charge in individual cases and with your consent.

(6) A transaction of NFTs is first of all - legally speaking - a neutral real act. Nevertheless, such a transaction may have legal consequences based on general laws. We have neither insight into the circumstances behind your respective transactions nor into the transactions themselves. Therefore, we cannot assume any liability for the factual correctness and legal effectiveness of a transaction itself as well as the agreements and legal transactions behind it and the consequences resulting from it, if any. All transactions are carried out by you under your own responsibility. III.

Glossary

Blockchain

A blockchain is the totality of interlinked data packages in which data transactions are logged in chronological order and mapped in a traceable, unchangeable manner without a central instance. This means that all transactions within a blockchain are tamper-proof according to the current state of the art and can be traced at any time.

Non Fungible Tokens /NFT

A Non Fungible Token (NFT) is characterized by the fact that it is not replicable. It is based on the same technology or forms a component for a blockchain. An NFT is transferable and thus in principle also tradable. However, an NFT is not a security within the meaning of the EU Markets in Financial Instruments Directive (MiFID II), the EU Market Abuse Regulation (MAR), the EU Prospectus Regulation, the German Securities Trading Act (WpHG) or the German Securities Prospectus Act (WpPG) or a financial instrument within the meaning of the German Banking Act (KWG) and not an electronic security within the meaning of the eWpG or a comparable foreign regulation.

Minting

The technical creation of an NFT on the blockchain is called "minting."

Cryptocurrency

A cryptocurrency is a digital asset that is assigned to and recorded in a blockchain. Cryptocurrencies are stored and transferred on electronic value for this purpose and can therefore also function as an investment asset. However, cryptocurrencies do not serve as legal tender and are not created, issued or guaranteed in existence or value by a central bank or public body. Acceptance as a means of payment is thus based on an agreement between their users or actual practice.

Wallet

Wallets are software that virtually simulates a kind of wallet. Accordingly, virtual assets such as cryptocurrencies, NFTs and other tokens are stored in them. The respective owner of the wallet can also prove that a token belongs to him. In addition, only the owner of a wallet has the possibility and the authorization to transfer a token from his wallet to the wallet of another owner and thereby reassign it.

Transaktionen, Smart Contracts

Transactions are operations within the blockchain in which, among other things, NFTs, other tokens or cryptocurrencies are transferred or created. So-called smart contracts are used to execute these transactions. Smart contracts are protocols that enable, verify the legitimacy of, or otherwise support the transactions so that they are executed automatically.