Privacy policy

This information describes how NORRIS-systems UG (haftungsbeschränkt) – “we” or “provider” – processes personal data when operating this website and the DeFi Marketing Center (DeFi-MC).

1. Controller

The controller within the meaning of the GDPR is NORRIS-systems UG (haftungsbeschränkt), address as stated in the legal notice. You can reach us via the contact channels in your contract or user account or via the platform’s support channels.

2. Purposes and legal bases

We process personal data where necessary to provide DeFi-MC features (performance of a contract, Art. 6 (1)(b) GDPR), to comply with legal obligations (Art. 6 (1)(c) GDPR), and – where permitted by law and you have not objected – to ensure secure operations, prevent abuse and improve our offer (legitimate interests, Art. 6 (1)(f) GDPR; where applicable also consent pursuant to Art. 6 (1)(a) GDPR).

3. Categories of data

Depending on use, we may process in particular:

  • Master and contract data (e.g. name, contact details, company information, plan)
  • Authentication and account/login data (e.g. e-mail, technical identifiers)
  • Usage and log data (e.g. IP address in a protected form, timestamps, device type, log files for IT security)
  • Content and communications you create or submit in DeFi-MC (e.g. texts for AI-assisted publishing, support requests)
  • Payment and billing data where processed via payment providers (their privacy notices also apply)

4. Hosting and technical infrastructure

The platform may run on servers or with providers (hosting, CDN, e-mail) located outside your country of residence. Where no EU Commission adequacy decision exists, we rely on appropriate safeguards (e.g. EU standard contractual clauses) or other permitted transfer mechanisms under Art. 44 ff. GDPR.

5. Processors and service providers

We use service providers (including IT, payments, analytics or AI integrations within the product). Where they access personal data, this is done on the basis of a data processing agreement pursuant to Art. 28 GDPR where required.

6. Retention

We retain personal data only as long as necessary for the stated purposes or as required by statutory retention periods. Data is then deleted or anonymised where possible.

7. Your rights

Under the GDPR you have in particular:

  • Right of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18)
  • Right to data portability (Art. 20), where applicable
  • Right to object to processing based on Art. 6 (1)(f) GDPR (Art. 21)
  • Right to withdraw consent at any time with future effect

You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

8. Cookies and similar technologies

Details on individual cookies, retention and choices are in our cookie policy at /defimc-landing/cookie-policy (with language prefix, e.g. /en/…).

9. Security

We implement technical and organisational measures to protect data against unauthorised access, loss and misuse. More information is on our “Security” page.

Version: April 2026. This statement may be updated when legal requirements or the product change. The published version in force applies.

Back to overview