1. Information on the Collection of Personal Data and Contact Details of the Controller
1.1 Introduction
We are pleased that you are visiting our website and thank you for your interest. The following information explains how we handle your personal data when you use our website. Personal data is any data that can be used to personally identify you.
1.2 Controller Information
The controller responsible for data processing under the General Data Protection Regulation (GDPR) is:
Michael Schindler
Xunlai UG (haftungsbeschränkt)
Drosselweg 7, 86381 Krumbach, Germany
Tel: +49 (0)1522 3061242
Email: info@xunlai.io
1.3 Security Information
This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (such as contact requests or orders). An encrypted connection can be recognized by the string "https://" and the lock symbol in your browser bar.
2. Data Collection When You Visit Our Website
When visiting our website purely for informational purposes — without registering or otherwise providing us with data — we collect only the data your browser transmits to our server (server log files). This includes:
Page visited
Date and time of access
Volume of data transferred - Referring source (URL)
Browser type and version - Operating system
IP address (in anonymized form, if applicable)
This data is processed in accordance with Article 6(1)(f) GDPR based on our legitimate interest to ensure a stable and functional website. We do not share this data or analyze it for advertising purposes. However, we reserve the right to retrospectively check server logs if there are signs of unlawful use.
3. Cookies & Consent under TTDSG
To optimize your experience on our website and enable specific functions, we use cookies — small text files stored on your device.
We distinguish between:
Session cookies: deleted after your visit.
Persistent cookies: remain stored for easier access on future visits.
Third-party cookies: used by external providers (e.g., analytics, videos, advertising).
Where cookies are not technically necessary, we request your explicit consent pursuant to §25(1) TTDSG and Article 6(1)(a) GDPR the first time you visit (via a cookie banner).
You can customize or revoke your cookie preferences at any time through your browser. Instructions for different browsers:
Internet Explorer: https://support.microsoft.com/en-us/help/17442
Chrome: https://support.google.com/accounts/answer/61416
Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies
Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac
Opera: https://help.opera.com/en/latest/web-preferences/
Please note that disabling cookies may affect the performance of certain website features.
4. Contacting Us
If you contact us (e.g. via email or contact form), we store and process the submitted personal data solely for the purpose of responding to your inquiry.
Legal basis: Article 6(1)(f) GDPR (legitimate interest).
If your request relates to a contractual relationship, the additional legal basis is Article 6(1)(b) GDPR.
Once your inquiry is resolved and there are no legal retention requirements, your data will be deleted.
5. Customer Accounts and Order Processing
When you open a customer account or place an order, we collect and process your personal data (name, address, email, payment details, etc.) to fulfil the contract pursuant to Article 6(1)(b) GDPR.
You may request your account deletion at any time. We then retain only data that must be stored under commercial or tax regulations for the period required by law and delete all remaining data.
6. Use of Client Data for Direct Advertising
We may use your personal data — such as name, email address, postal address, or purchase history — to send you marketing information about our products and services by mail or, if you have given your explicit consent, by electronic means such as email or SMS.
This processing is carried out:
On the basis of our legitimate interest in promoting our business under Art. 6(1)(f) GDPR, or
Based on your explicit consent as required under Art. 6(1)(a) GDPR and, where applicable, § 7(2) UWG (German Act Against Unfair Competition).
We perform these activities in a targeted and responsible way, and we do not sell your data to third parties.
You have the right to object at any time to the use of your personal data for direct marketing purposes. If you exercise your right to object, we will immediately cease the use of your data for these purposes.
You can notify us of your objection via the contact details provided in Section 1 of this policy or by following the opt-out instructions in any advertising message you receive.
7. Newsletter & Promotional Communication
7.1. Subscription to Our Newsletter
If you subscribe to our newsletter, we use your email address to send regular promotional emails, provided you have expressly agreed to receive them (Article 6(1)(a) GDPR).
We use a double opt-in system. You will only receive newsletters after confirming your email via a link sent in a confirmation email. We log your IP address and the time of confirmation for documentation.
You may unsubscribe at any time via a link in each email or by contacting us directly. Upon doing so, we will immediately remove your email address unless you have expressly consented to further use, or we are legally permitted to continue using it.
7.2. Newsletter Delivery via Sender.net
We send our newsletters via the service provider:
Sender.net, UAB
Žalgirio g. 90, LT-09303 Vilnius, Lithuania
Privacy Policy: https://www.sender.net/privacy-policy/
When you subscribe, your data (email address and, where provided, name) is stored and processed on Sender.net servers within the EU.
Sender.net uses analysis tools (e.g. tracking pixels) to determine whether messages are opened and which links are clicked. This helps us optimize content and user experience.
Processing is based on our legitimate interest (Article 6(1)(f) GDPR). These analytics are carried out pseudonymously and not linked to other personal data. You may object to this processing at any time by unsubscribing.
We have concluded a Data Processing Agreement (DPA) with Sender.net pursuant to Article 28 GDPR.
7.3. Community Applications and Membership Programs
We may offer various membership programs, exclusive communities, or special access groups that require application or registration. For these programs, we collect personal data which may include:
Basic personal information (name, email address)
Social media profiles or handles
Qualification information or reasons for interest
Other information relevant to the specific program or community
This data is collected for the purpose of:
Reviewing and processing applications
Communicating about membership status
Providing access to restricted content or events
Enabling community interactions
Delivering program-specific updates
The legal basis for processing this data is:
Article 6(1)(b) GDPR for processing necessary to take steps at your request prior to entering into a potential membership agreement
Article 6(1)(a) GDPR based on your consent when you submit an application form
You may withdraw from any program and request deletion of your related personal data at any time by contacting us using the details in Section 1.
7.4. Promotions, Giveaways, and Blockchain Interactions
We occasionally conduct promotions, giveaways, contests, or events that may require additional personal data, which may include:
Virtual/Blockchain Identity:
Blockchain wallet addresses
Transaction hashes
Token ownership information
Other blockchain-related identifiers
Physical Identity (for prize delivery):
Full name
Complete postal address
Contact phone number
Email address
Proof of identity (where required by law)
This information is collected only when voluntarily provided by you for specific purposes such as:
Distributing prizes or rewards (both digital and physical)
Verifying eligibility for token-gated content or events
Delivering digital or physical assets
Confirming participation in blockchain-based activities
Complying with tax or legal requirements related to prize distribution
The legal basis for this processing is:
Article 6(1)(a) GDPR based on your consent when you voluntarily provide this information
Article 6(1)(b) GDPR for processing necessary to fulfill our obligations related to the promotion or giveaway
Article 6(1)(c) GDPR for compliance with legal obligations (such as tax reporting for high-value prizes)
Please note that blockchain information, including wallet addresses and transaction data, is typically visible on public blockchains. While we process your blockchain information confidentially within our systems, the transactions themselves exist on public ledgers outside our control.
Physical address information for prize delivery is shared only with shipping providers as necessary to complete delivery. We retain this information only for the time required to complete the promotion and fulfill any related legal obligations.
You may request deletion of this data from our systems at any time, although information recorded on public blockchains cannot be removed.
8. Payment and Shipping Providers
We may share your data with third parties for delivery and payment processing as part of contractual fulfillment, as follows:
Shipping provider: receives your shipping address
Payment service providers and banks: receive the relevant payment data
Legal basis: Article 6(1)(b) GDPR
9. Embedded Content
9.1 YouTube Videos
We use embedded YouTube videos on our site. Provider is:
Google Ireland Limited
Gordon House, Barrow Street, Dublin 4, Ireland
We use "Privacy-Enhanced Mode" which means that user data is only transferred when you play a video.
When a video is played, YouTube sets cookies and may establish a connection to servers in the U.S. This may result in the transfer of personal data outside the EU.
If you are logged into Google services, playback will be associated with your account. To prevent this, log out before launching the video.
Data is processed based on your explicit consent (Article 6(1)(a) GDPR and §25(1) TTDSG). You can revoke your consent at any time via cookie settings.
Further information: https://policies.google.com/privacy
9.2 Vimeo Videos
Our website may include embedded videos from Vimeo. Provider is:
Vimeo LLC
555 West 18th Street, New York, NY 10011, USA
When you visit a page with embedded Vimeo content, a connection to Vimeo's servers is established and information about your visit (including your IP address) may be transmitted to Vimeo in the USA.
If you are logged into your Vimeo account, Vimeo can directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your Vimeo account before visiting our website.
Data is processed based on your explicit consent (Article 6(1)(a) GDPR and §25(1) TTDSG). You can revoke your consent at any time via cookie settings.
Further information: https://vimeo.com/privacy
9.3 X (formerly Twitter) Content
We may embed content from X (formerly Twitter) on our website. Provider is:
X Corp. (formerly Twitter, Inc.)
1355 Market Street, Suite 900, San Francisco, CA 94103, USA
When you visit a page containing X embeds, your browser establishes a direct connection with X's servers. X receives information about your visit to our site, including your IP address, and may set cookies on your device.
If you are logged into X, the service can directly associate your browsing behavior with your profile. You can prevent this by logging out of your X account before visiting our website.
Data is processed based on your explicit consent (Article 6(1)(a) GDPR and §25(1) TTDSG). You can revoke your consent at any time via cookie settings.
Further information: https://twitter.com/privacy
10. Your Rights Under the GDPR
As a data subject, you have the following rights:
Right of Access (Art. 15 GDPR) - Right to Rectification (Art. 16 GDPR)
Right to Erasure ("Right to be Forgotten", Art. 17 GDPR)
Right to Restrict Processing (Art. 18 GDPR)
Right to Data Portability (Art. 20 GDPR)
Right to Withdraw Consent (Art. 7(3) GDPR)
Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR)
Right to Object (Art. 21 GDPR)
You have the right to object at any time to data processing based on Article 6(1)(f) GDPR on grounds relating to your particular situation.
Specifically, you may object to the use of your data for direct marketing. If you do, we will stop sending promotional messages.
To exercise these rights, please contact us via the contact details in Section 1.
11. Data Retention
The duration of storage depends on:
Legal retention and tax obligations (Art. 6(1)(c) GDPR + HGB/AO provisions)
Contractual obligations and service delivery (Art. 6(1)(b) GDPR)
Consent you have given (Art. 6(1)(a) GDPR)
If no legal obligation applies and the purpose for data processing no longer exists, your data will be deleted.
12. NFC and NFT Technology
12.1. NFC Technology
We use DNA Tags (NFC technology) to connect digital content with physical items. When you scan an NFC tag with your device:
Your device creates an SDM (Secure Dynamic Message) that is sent to our backend
This message is used to verify the authenticity and validate the physical object
We collect basic browser information (as described in Section 2) - With your explicit consent, we may collect location data to enhance functionality
We process interaction data to provide the intended digital-physical connection service
The legal basis for this processing is:
Article 6(1)(b) GDPR for necessary processing to provide the service you requested
Article 6(1)(a) GDPR for optional data collection (like location) based on your explicit consent
You can withdraw consent for optional data collection at any time through your account settings or by contacting us using the details in Section 1.
12.2. NFT Transactions
When you engage with NFT (Non-Fungible Token) functionality on our platform:
If you use our built-in transaction mechanisms, we collect:
Your blockchain wallet address
Basic browser information
Transaction hash (TxHash) data
If you conduct transactions outside our platform, we do not collect transaction data
We use TxHash data to:
Provide real-time transaction status updates
Track incoming transactions for financial and accounting purposes
Improve user experience during blockchain confirmation waiting periods
The legal basis for this processing is:
Article 6(1)(b) GDPR for processing necessary to fulfill our contractual obligations
Article 6(1)(f) GDPR for our legitimate interest in maintaining financial records
Please note that blockchain transactions create permanent, public records on the respective blockchain. While we process your transaction data confidentially, the transaction itself is recorded on a public ledger outside our control.
You have the right to request access to your stored wallet and transaction information. Due to the nature of blockchain technology, we cannot delete transaction records from the blockchain itself.
13. Changes to This Privacy Policy
We reserve the right to modify this Privacy Policy to ensure compliance with current law or to reflect changes in our services. The updated version will be posted on our website. Please check back regularly.
Last updated: April 18, 2025
Copyright 2025 Adaki, all rights reserved
Whitepaper
Roadmap
Product Policies
Copyright 2025 Adaki, all rights reserved
Whitepaper
Roadmap
Product Policies
Copyright 2025 Adaki, all rights reserved
Whitepaper
Roadmap
Product Policies