Last update: June 2024

Provision of information pursuant to Art 13 of the General Data Protection Regulation 2016/679/EU ("GDPR") regarding the processing of personal data in the context of visiting and using the website ("Website").

Thank you for your interest in our Website. The protection of your privacy is of high priority to us. Consequently, we only process your personal data on the basis of legal requirements set by the GDPR as well as other relevant legal provisions.

In general, you are not obligated to provide data due to statutory or contractual requirements. Data processed automatically when accessing the Website are either not personal data or are stored only for short periods (cf. point 6.1). However, if you decide to contact us via the contact options presented on the Website respectively in the course of this Data Protection Declaration, you have to provide us certain of your data being necessary for the processing of your respective request (cf. point 6.2). Furthermore, in cases where you wish to make use of further services offered via our Website (cf. point 6.3), you have to provide us any data deemed necessary for contract conclusion and execution in the respective case. Should you refuse disclosure of your relevant data for the respective purpose, we may not be able to process your request or render our services to you. The individual processing activities in the context of accessing and using our Website are highlighted in detail under point 6.


  1. Definitions
  2. Information on the controller and contact details
  3. Links to third-party sites
  4. Rights of the data subject
  5. Transfer of your data; recipients; transfer mechanism re international transfers
  6. Data processing operations
  7. Cookies
  8. Third-party services

1. Definitions

Data protection laws are generally relevant in case any processing of personal data is concerned. The terms used within the scope of this Data Protection Declaration are defined in and by the GDPR. As such, the broad definition of processing (Art 4 item 2 GDPR) of personal data means any operation or set of operations performed on personal data. Any information allowing us or third parties to potentially identify you in person can be considered your personal data, which makes you a data subject (Art 4 item 1 GDPR) within this context.

The following terms are particularly relevant for a better understanding of this Data Protection Declaration:

Term Definitions

Term Definition Regulation
Controller Natural or legal person or other body which has decisive influence on the processing of personal and is therefore subject to data protection obligations. Art 4 item 7 GDPR, Art 24 GDPR
Processor External service provider which processes personal data on behalf of the controller and is contractually bound to its instructions. The processor thereby acts as a kind of extended arm of the controller. Art 4 item 8 GDPR, Art 28 GDPR
Recipient Generally, every natural or legal person or other body outside of the organisation of the controller to which data being subject to the controller's responsibility are disclosed. Art 4 item 9 GDPR
Legal basis Condition determined by law that constitutes an authorisation to lawfully process personal data. Art 6 para 1 GDPR
Transfer to third countries Transfer of personal data to countries outside of the EU respectively EEA through which they are detracted from the sole control of the GDPR due to stronger ties to the legal system of such third country. This might take place where data are disclosed to a recipient that (i) has its seat/residency in such third country or (ii) maintains a server there on which personal data are processed. Chapter V GDPR
Adequacy decision A resolution of the European Commission through which the adequacy of the data protection level in a third country is acknowledged, and consequently a transfer of data is possible without further restrictions. Art 45 GDPR
Appropriate safeguards Various instruments which allow the transfer of personal data into a third country for which an adequacy decision does not exist. As far as third-country transfers by us are based on appropriate safeguards, you may request a copy thereof by contacting us under the contact options as outlined subsequently. Art 46 GDPR

2. Information on the controller and contact details

Controller in the sense of Art 4 item 7 GDPR:

Flyback Solutions LTD ("we")
P.O. Box 4342 Road Town Tortola,
British Virgin Islands

On our Website and in this Data Protection Declaration, we may use links to websites of third parties. If you click on one of these links, you will be forwarded to the respective website. For the operators of these websites, it is only evident that you have accessed our Website beforehand. However, please be aware that accessing third-party sites results in additional processing of your data in the sphere of the respective third party! Accordingly, we refer you, in general, to the separate data protection declarations of these websites.

4. Rights of the data subject

You may decide to exercise any of the following rights concerning our processing of your personal data at any time free of charge by means of a notification being sent to one of the contact options outlined under point 2; we shall then answer your request as soon as possible and within one (1) month at the latest (in exceptional cases, restrictions on these rights are possible, for instance, if otherwise the rights of third parties would be affected):

5. Transfer of your data; recipients; transfer mechanism re international transfers

For the purposes executing the data processing activities as indicated in the course of this Data Protection Declaration, we may transfer your personal data to the following recipients or make them available to them:

Some of the mentioned recipients are respectively their server landscape is located outside of the EU/EEA, or they use (further) processors to render their services to which this applies. Possible transfers of your data within this context into the legal sphere of such third parties are based on the following transfer mechanisms:

6. Data processing operations

In the subsequent section, data processing operations that may occur when accessing or using our Website are described in detail. Within this context, we provide you with information on the essential elements of each data processing operation, namely (a) type and extent (when and how), (b) purpose (why) as well as (c) the storage period of your data (how long). Moreover, we inform you about the legal basis which we use to justify the respective data processing operation as required by the GDPR. The following chart provides you with a first overview of possible legal bases, which we use in this regard:

Legal basis Definitions

Legal basis Definition Regulation
Performance of a contract The processing of your data is necessary for the performance of a contract concluded with you or to take steps prior to entering into a contract with you at your request. Art 6 para 1 lit b GDPR
Legal obligation The processing of your data is necessary to comply with a legal obligation we are subject to. Art 6 para 1 lit c GDPR
Legitimate interests The processing of your data is (i) necessary for the purposes of legitimate interests pursued by us or a third party and (ii) we have considered your conflicting interests and fundamental rights and freedoms accordingly. (For the right to object to interest-based processing due to your particular situation, see point 4.) Art 6 para 1 lit f GDPR

6.1. Processing of traffic data; server log files

(a) Type and extent of data processing: You can visit our Website without providing any personal information. However, out of technical necessity, so-called "traffic data" are processed automatically when a website is accessed. Within this context, in particular, the following categories of traffic data can be transferred to the server that is requested to provide a respective website or file:

Traffic data will be stored by us in so-called "server log files". Hosting provider of our Website is Hetzner Online GmbH (cf. point 5). Traffic data may also be transferred to providers of third-party services embedded into our Website (cf. point 8.).

(b) Legal basis and purpose: The purpose of this data processing operation is to establish and maintain technical security with regards to our Website. The processing is based on our legitimate interest (Art 6 para 1 lit f GDPR; for the "right to object", see point 4) in achieving the mentioned purpose.

(c) Storage period: Server log files are stored as long as they are necessary for the abovementioned purpose and subsequently erased (usually 1 month).

6.2. Contacting

(a) Type and extent of data processing: When contacting us via the contact details provided on our Website (e.g., in the imprint), we will use your data as indicated in order to process your contact request and deal with it. Certain additional information may be provided voluntarily. The data processing involved is necessary to issue a response in respect of your request.

(b) Legal basis and purpose: Purpose of the data processing is to enable us an exchange with users of the Website respectively our customers. We answer your request on the basis of our legitimate interest (Art 6 para 1 lit f GDPR; for the "right to object" see point 4) in maintaining a properly functioning contact system, which is a prerequisite for the provision of any services. As far as your request is based on an existing contractual relationship with us or you are interested in establishing said contractual relationship, the processing is based on the performance of the corresponding contract, or on taking steps prior to entering into a contract with you at your request (Art 6 para 1 lit b GDPR).

(c) Storage period: We delete your requests as well as your contact data if the request has been answered conclusively if the data must not be further processed for different purposes (e.g., for the fulfilment of legal documentation obligations).

6.3. Services offered via the Website; customer account

(a) Type and extent of data processing: Our Website is designed to tailor our entrepreneurial service offerings to your needs. Should you decide to use the services we offer (e.g., token purchases), we will need to process certain data from you that is necessary for contract execution and performance – this may require the creation of a customer account. If you participate in our customer programs, this includes the processing of your data according to the respective program conditions and necessities. Additionally, we may process customer identification data according to point 6.4.

(b) Legal basis and purpose: Processing of your data within the context of our service range serves the purpose that we can pursue our business activity and provide our services accordingly; it is necessary for the performance of the respective contract concluded with you respectively to take steps at your request prior to entering into a contract (Art 6 para 1 lit b GDPR).

(c) Storage period: We will store your data for the duration of the respective customer relationship (dependent upon the individual services rendered) and subsequently erase your data if they must not be further processed for different purposes (e.g., for the fulfilment of legal documentation obligations).

6.4. Customer identification to prevent money laundering and terrorism financing

(a) Type and extent of data processing: If you wish to purchase specific products or services through our Website, we may additionally collect data from you based on the "Know-Your-Customer" principle in accordance with the relevant regulations to prevent money laundering and terrorist financing. For this purpose, at the inception of the contractual relationship, we collect data to particularly establish your unique identity (cf. the corresponding subscription form for data collection).

(b) Legal basis and purpose: We process your data in this context to establish customer identity and assess the transaction – depending on the product or service – on the basis of our corresponding legal obligation (Art 6 para 1 lit c GDPR) or – in the absence of a specific obligation – on the basis of our legitimate interest (Art 6 para 1 lit f GDPR), which consists of making a valuable contribution to preventing abuse and fraud, particularly with regard to preventing money laundering and terrorist financing (for the "right to object", see point 4).

(c) Storage period: The data processed in this regard will be stored for the duration of the respective legal retention requirement, unless they need to be further processed for other designated purposes (data from voluntary "Know-Your-Customer" checks for a period of five [5] years). Longer retention periods may arise from expactable legal claims. All Data is delete by the time the KYC operator approves the request.

6.5. Functional third-party implementations

(a) Type and extent of data processing: Due to third-party software/services which used in the context of our Website, additional data processing activities may be initiated for different purposes. The specific services and their functionality are briefly described under point 8.2; further information can be found in detailed descriptions under point 8.3.

(b) Legal basis and purpose: Within the framework of the respective service, we use collected data in order to improve our services or make them more attractive or secure The relevant legal basis is stated in the description of the respective service.

(c) Storage period: We store generated data in accordance with the requirements and possibilities stipulated by the relevant service for as long as it is necessary to fulfil the respective processing purpose.

7. Cookies

On our Website, we use cookies being technically necessary and essential (i.e., necessary cookies, see below) for its proper functioning and process your data on the basis of our accompanying legitimate interest (Art 6 para 1 lit f GDPR), as far as personal data are involved (for the "right to object", see point 4).

Cookies are small data sets that are stored on your end device by your respective browser. They are placed by a web server and sent back to it as soon as a new connection is established in order to recognise the user and his settings. In this sense a cookie assigns a specific identity consisting of numbers and letters to your end device. Cookies can fulfil different purposes, e.g., helping to maintain the functionality of websites with regard to state of the art functions and user experience. The actual content of a specific cookie is always determined by the website that created it. Cookies always contain the following information:

Cookies can be differentiated according to type and purpose as follows:

With regard to the storage period cookies can be further differentiated as follows:

Furthermore, cookies may be differentiated by their subject of attribution:

Most browsers automatically accept cookies. You have the option to customise your browser settings so that cookies are either generally declined or only allowed in certain ways (e.g., limiting refusal to third-party cookies). However, if you change your browser's cookie settings, our Website may no longer be fully usable. Via the browser settings, you also have the option to delete the entirety of cookies already stored on your end device.

Specifically, we use the following cookies:

8. Third-party services

8.1. General explanations

Purpose of processing: In order to make our Website more secure, optimise it for its intended purposes, provide necessary or useful functions in regards to an economically viable pursuit of our business activity as well as to make available services to users that are usually expected in our line of business, we utilise a variety of services on our Website which are rendered by third-party service providers and subsequently described below.

Necessary processing: From a purely technical perspective, certain traffic data are transferred when visiting any website, and may be transferred to implemented services as well (cf. point 6.1). Any such transmission of traffic data that is technically necessary is based on our legitimate interest (Art 6 para 1 lit f GDPR) in integrating the respective services with adequate effort into our Website (for the "right to object", see point 4). Any further use of traffic data within this context is grounded on a separate legal basis pursuant to the specific information provided below.

8.2. Overview and brief summary

Subsequently, you can find a brief summary of services used as well as accompanying basic legal information. If you press on the name of one of the services, you will be transferred to the data protection declaration of the respective service provider. Please be aware that accessing third-party sites results in additional processing of your data in the sphere of the respective third party (cf. point 3). For further information of the respective recipients of your data within that context, please cf. point 5.

8.3. Individual third-party services

8.3.1. Google Fonts

On our Website, we use digital fonts provided by Google LLC (CA, US), namely "Google Fonts", as they are optimised for websites and allow us to save bandwidth. This leads to reduced loading times for the Website (using Google's respective CDN [cf. point 8.3.2]) as well as to a uniform appearance on all common browsers and end devices. Due to our use of Google Fonts, your traffic data (cf. point 6.1) will be transferred to Google servers when accessing the Website.

Utilisation of Google Fonts is based on our legitimate interest in realising an appealing and uniform web appearance (Art 6 para 1 lit f GDPR; for the right to object, see point 4). Data processing follows the purpose of making our Website more appealing to potential users. Google Ireland acts as independent controller of any transferred data in this regard, using them for analysis purposes. For further information on data usage by Google Ireland and affiliated companies as well as your options in terms of settings and objection, please review the data protection declaration of Google under More information on Google Fonts specifically can be found at

8.3.2. Content Delivery Networks

On our Website, we use so-called Content Delivery Networks ("CDN"). A CDN operates by duplicating elements of websites and storing them on servers distributed across various locations, or by loading specific types of content, such as images or other media (storing and distributing only the designated content types). This distribution minimizes the risk of server overload by spreading the load across multiple points. Additionally, CDN enhance website accessibility speed by serving content from the closest and fastest server to each user's location. This architecture ensures efficient delivery of website content, optimizing the user experience. Due to our use of CDN, your traffic data (cf. point 6.1) will be transferred to servers of the respective provider.

Service Processing operation Purpose Legal basis
Google Fonts Processing of traffic data Embedding digital fonts into the Website to improve user experience Legitimate Interest (Art 6 para 1 lit f GDPR)
Use of CDN: Processing of traffic data Improve performance, speed and availability of our Website Legitimate Interest (Art 6 para 1 lit f GDPR)
- Amazon CloudFront
- jsDelivr