Privacy policy

Privacy Policy

1. Data Controller

Oliver Grünwald / CryptoOnTheWall
Walserfeldstraße 38
5071 Wals, Austria
Email: team@cryptoonthewall.at

This Privacy Policy explains how we collect, use, and protect personal data when you use our website and services, in accordance with the EU General Data Protection Regulation (GDPR) and, where applicable, other international data protection laws such as the UK GDPR, CCPA (California Consumer Privacy Act), and similar legislation.

2. Categories of Personal Data Collected

We may collect and process the following categories of personal data:

  • Contact Information: Name, email address, phone number, billing/shipping address

  • Usage Data: IP address, browser type, operating system, visited pages, access times, approximate location (if enabled)

  • Payment Data: Payment method details, transaction information (processed only by certified payment providers)

  • Device Data: Device ID, operating system version, browser settings

The provision of personal data may be mandatory to use certain features or services. Without this data, some services may not be available.

3. Purposes of Processing

We process personal data for the following purposes:

  • Fulfillment of contracts and order processing

  • Customer communication

  • Payment processing

  • Analysis and improvement of services

  • Marketing and personalized advertising (only with explicit consent)

  • Compliance with legal obligations

4. Legal Bases for Processing

We process personal data in accordance with:

  • Art. 6(1)(b) GDPR – performance of a contract

  • Art. 6(1)(a) GDPR – consent

  • Art. 6(1)(c) GDPR – legal obligations

  • Art. 6(1)(f) GDPR – legitimate interests (e.g., IT security, service improvement, analytics)

Where applicable, additional legal bases under national or regional laws (e.g., CCPA, UK GDPR) may also apply.

5. Recipients and Third-Party Services

We only share personal data with third parties when necessary for the purposes outlined above or when legally required. External recipients may include:

  • Payment Providers: Visa, Mastercard, Amex, PayPal, Google Pay, Apple Pay, Shop Pay, Coinbase (cryptocurrency payments)

  • E-commerce & Hosting: Shopify (store platform and hosting)

  • Marketing & Analytics: Klaviyo (email marketing), Google Analytics (web analytics)

  • Logistics & Fulfillment: Production and shipping partners

Each provider processes data in accordance with applicable data protection regulations. Details can be requested at any time.

6. International Data Transfers

Some data may be processed outside the EU/EEA, including in countries without an EU adequacy decision (e.g., the United States).

In such cases, we ensure appropriate safeguards such as:

  • EU Standard Contractual Clauses (SCCs), or

  • Binding Corporate Rules (BCRs), or

  • Other appropriate legal mechanisms as required by applicable law.

7. Data Retention

Personal data is stored only as long as necessary for the purposes described or as required by law:

  • Contract & Payment Data: Retained as per commercial and tax law (typically 7–10 years)

  • Marketing Data: Until consent is withdrawn

  • System & Security Logs: Retained for a maximum of 12 months unless longer storage is required for security purposes

After expiry, data will be deleted or anonymized.

8. Cookies and Tracking Technologies

We use cookies and similar technologies for the following purposes:

  • Essential Cookies: Required for website functionality (e.g., login, shopping cart)

  • Analytics Cookies: For website usage statistics (e.g., Google Analytics)

  • Marketing Cookies: For personalized advertising (only with explicit consent)

Users can consent to or decline cookies via the cookie banner displayed upon their first visit and may withdraw consent at any time.

9. Data Subject Rights

Under applicable data protection laws, you have the right to:

  • Access your personal data (Art. 15 GDPR)

  • Rectification of inaccurate data (Art. 16 GDPR)

  • Erasure ("Right to be Forgotten", Art. 17 GDPR)

  • Restriction of Processing (Art. 18 GDPR)

  • Data Portability (Art. 20 GDPR)

  • Object to processing (Art. 21 GDPR)

  • Withdraw Consent at any time (Art. 7(3) GDPR)

  • Lodge a Complaint with a supervisory authority (Art. 77 GDPR)

For Austria, the competent authority is:
Austrian Data Protection Authority, Barichgasse 40–42, 1030 Vienna

10. IT Security & System Logs

We take appropriate technical and organizational security measures to protect personal data against loss, misuse, or unauthorized access.
System logs (e.g., IP addresses, access times) may be stored for security and maintenance purposes.

11. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy as needed to comply with changes in laws, regulations, or our business practices. The latest version will always be available on this website.

12. Last Updated

Effective Date: September 22, 2025

Last updated: November 15, 2024

Contact form

If you have any questions, comments, or other concerns, our team is happy to help. Simply leave us a message – we'll get back to you as soon as possible!