GDPR Notice

Scope and Controller

This General Data Protection Regulation (GDPR) Notice describes how SixSixSeven: The Next Block (the website available at sixsixseven.net) processes personal data. The data controller is Yolanda Niepagen, 5000 S Arizona Mills Cir, Tempe, AZ 85282, United States.

For all privacy inquiries, data subject requests, or questions about this Notice, please contact: [email protected].

This Notice applies primarily to individuals located in the European Economic Area (EEA), the United Kingdom, and Switzerland. It is designed to be consistent with applicable U.S. federal and state privacy laws where relevant, without limiting any rights available under the GDPR.

Definitions

“Personal data” means any information relating to an identified or identifiable natural person. “Processing” means any operation performed on personal data, such as collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, alignment, restriction, erasure, or destruction. “Controller” means the entity that determines the purposes and means of the processing of personal data.

Categories of Personal Data Processed

  • Identifiers and contact details: name, email address, username or handle, and similar identifiers you provide.
  • Account and preference data: account credentials, settings, saved preferences, subscription choices, and communication preferences.
  • Crypto-related data: public wallet addresses, blockchain identifiers, transaction hashes, and on-chain metadata that may be publicly available on distributed ledgers.
  • Device and usage data: IP address, browser type and version, device identifiers, operating system, referral URLs, pages viewed, time on page, clickstream data, and other diagnostic or analytics information.
  • Approximate geolocation: derived from IP address for localization and security, without precise geolocation.
  • Content you submit: inquiries, feedback, support requests, survey responses, comments, and other user-generated content.
  • Marketing and campaign data: campaign identifiers, affiliate or referral codes, cookie or pixel identifiers, and engagement with our communications.
  • Compliance and fraud-prevention data: records necessary to prevent abuse, secure our services, and comply with legal requirements; if certain third-party airdrops or listings require Know Your Customer procedures, such verification may be performed by vetted partners, and we generally do not receive your full KYC documents unless you provide them directly.

Sources of Personal Data

  • Directly from you when you submit forms, create an account, subscribe to communications, or contact support.
  • Automatically through cookies, pixels, SDKs, and server logs when you visit or use the website.
  • From public blockchains where transactions and wallet activity are publicly accessible by design.
  • From service providers and partners (for example, analytics providers, email distribution vendors, affiliate networks, or exchange partners) consistent with applicable law and your choices.

Purposes of Processing

  • To provide and operate the website and its features, including coin exploration, exchange comparisons, vetted airdrop discovery, token listing tracking, and news delivery.
  • To create, maintain, and secure accounts; to deliver newsletters and market updates you request; and to provide customer support.
  • To personalize content and measure engagement to improve our guides, tools, and market analysis.
  • To conduct analytics, research, and service optimization, including performance monitoring and troubleshooting.
  • To prevent fraud, abuse, and unauthorized access; to ensure the security and integrity of our systems and users.
  • To comply with legal obligations and respond to lawful requests from authorities.
  • To conduct marketing and promotional activities with your consent where required, including affiliate attribution and campaign performance measurement.

Lawful Bases for Processing (GDPR)

  • Contract performance: where processing is necessary to provide requested services or fulfill our contractual obligations to you.
  • Consent: for activities such as sending certain marketing communications or using non-essential cookies and similar technologies.
  • Legitimate interests: for service improvement, analytics, security and fraud prevention, personalization within reasonable expectations, and business administration, provided such interests are not overridden by your rights and freedoms.
  • Legal obligation: to comply with applicable laws, regulatory requirements, and lawful requests.
  • Publicly available blockchain data: certain processing of on-chain data may involve information already made manifestly public by its publication on distributed ledgers.

Cookies and Similar Technologies

We use cookies, pixels, and similar technologies to operate the website, remember preferences, perform analytics, and, where applicable, support marketing measurement and affiliate attribution.

  • Strictly necessary cookies: essential for core functionality and security.
  • Analytics cookies: help us understand usage and improve the website.
  • Preference cookies: remember choices such as language or display settings.
  • Marketing/attribution cookies: measure campaign effectiveness, affiliate referrals, and manage audience reach where permitted.

Where required by law, we obtain your consent for non-essential cookies and provide the ability to withdraw consent at any time. You may also adjust cookie settings in your browser; disabling certain cookies may affect website functionality.

Data Retention

We retain personal data only for as long as necessary for the purposes described in this Notice, including to comply with legal, accounting, or reporting requirements. Retention periods are determined by applicable laws, contractual obligations, and our operational needs.

  • Account and support records: typically retained for the duration of your relationship with us and up to 24 months after the last interaction, unless longer retention is required by law.
  • Marketing records: retained until you opt out or withdraw consent, and for a limited period thereafter to document your preference.
  • Analytics data: commonly aggregated and/or retained in a pseudonymized form for up to 26 months, subject to configuration.
  • Cookies: retained according to their individual lifetimes as set on your device or until you delete them.
  • Blockchain data: on-chain records are public and immutable; while we cannot remove data from a blockchain, we endeavor to minimize any off-chain linkage we control.

Data Sharing and International Transfers

Service Providers and Partners

We share personal data with carefully selected service providers that process data on our behalf to deliver functionality such as hosting, security, analytics, email distribution, customer support, content delivery, affiliate attribution, and performance monitoring. We require such providers to implement appropriate security measures and to process personal data only on documented instructions.

Affiliates, Advertising, and Attribution

We may share limited identifiers and event data with affiliate networks and measurement partners to attribute referrals and evaluate campaign performance where permitted by law and your preferences.

Legal Compliance and Protection

We may disclose personal data when necessary to comply with laws, regulations, legal processes, or governmental requests; to enforce our terms; or to protect the rights, property, or safety of our users, the public, or our service.

Corporate Transactions

In connection with mergers, acquisitions, restructurings, or asset transfers, personal data may be disclosed to prospective or actual counterparties subject to appropriate confidentiality obligations.

International Transfers

Our operations are based in the United States. Where GDPR applies and personal data is transferred from the EEA, UK, or Switzerland to countries without an adequacy decision, we implement appropriate safeguards, such as the European Commission’s Standard Contractual Clauses and supplementary measures where necessary, and we assess transfer risks to protect data subject rights.

Security of Processing

We implement technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Measures include access controls, encryption-in-transit, network safeguards, and vendor due diligence. No system can be guaranteed fully secure; we continually assess and improve our safeguards.

Automated Decision-Making and Profiling

We do not engage in solely automated decision-making that produces legal or similarly significant effects about you. We may use limited profiling for analytics, personalization, and marketing measurement consistent with applicable law and your choices.

Your GDPR Rights

  • Right of access: obtain confirmation and a copy of your personal data.
  • Right to rectification: correct inaccurate or incomplete data.
  • Right to erasure: request deletion, subject to legal and technical limitations (e.g., immutable blockchain records).
  • Right to restriction: request limited processing in certain circumstances.
  • Right to data portability: receive personal data in a structured, commonly used, machine-readable format, and transmit it to another controller where technically feasible.
  • Right to object: object to processing based on legitimate interests and to direct marketing at any time.
  • Right to withdraw consent: withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.
  • Right to lodge a complaint: with an EEA, UK, or Swiss supervisory authority if you believe your rights have been infringed.

Exercising Your Rights

To exercise your rights, please email [email protected] with your request and sufficient information to verify your identity (for example, the email address associated with your interactions). We will respond without undue delay and within one month of receipt, extendable as permitted by law when requests are complex or numerous. If we cannot comply, we will provide reasons subject to legal restrictions.

Special Considerations for Blockchain Data

Public blockchains are decentralized, append-only ledgers that are not controlled by SixSixSeven: The Next Block. Records such as wallet addresses and transaction hashes may be inherently public and technically resistant to alteration or deletion. Where GDPR rights such as erasure cannot be fully honored on-chain, we will implement reasonable off-chain measures we control (for example, deleting associated off-chain identifiers, ceasing further linkage, or applying additional pseudonymization) to respect your rights to the extent feasible.

U.S. State Privacy Disclosures and CPRA Alignment

In alignment with U.S. state privacy laws (such as the California Consumer Privacy Act as amended by the CPRA, and similar laws in other states), U.S. residents may have rights to access, correct, delete, and obtain information about our disclosures of personal information, as well as the right to opt out of certain data “sales” or “sharing” for cross-context behavioral advertising. We do not “sell” personal information for money; however, we may “share” limited identifiers and usage data with analytics, attribution, and advertising partners as defined under some state laws.

  • Opt-out of sale/share: You can adjust cookie preferences in your browser and contact us at [email protected] with the subject line “Do Not Sell or Share.”
  • Sensitive personal information: We do not use or disclose sensitive personal information for purposes requiring a separate right to limit under applicable state laws, except where necessary and proportionate for security, integrity, or legal compliance.
  • Response timelines: We will respond to verified requests within 45 days where required by U.S. state law, with extensions as permitted.
  • Non-discrimination: We will not discriminate against you for exercising your privacy rights.

Children’s Data

Our services are not directed to children. We do not knowingly collect personal data from children under 16 in the EEA/UK or under 13 in the United States. If you believe a child has provided us personal data, please contact us so we can take appropriate steps to delete such data where required.

Data Protection Officer and EU/UK Representative

We have designated a privacy contact reachable at [email protected]. Based on our current activities, we do not believe we are required to appoint a Data Protection Officer or an EU/UK representative; if this changes, we will update this Notice accordingly.

Changes to This Notice

We may modify this Notice from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. Material changes will be indicated by updating the “Effective Date” below. We encourage you to review this Notice periodically.

Contact Information

Controller: Yolanda Niepagen

Postal Address: 5000 S Arizona Mills Cir, Tempe, AZ 85282, United States

Email: [email protected]

Effective Date

Effective: 15 October 2025

Similar Posts
HopeSwap Crypto Exchange Review: Risks, Reality, and Safer Alternatives

HopeSwap Crypto Exchange Review: Risks, Reality, and Safer Alternatives

Jordan’s Crypto Policy: Central Bank Rules, AML Requirements & Licensing 2025

Jordan’s Crypto Policy: Central Bank Rules, AML Requirements & Licensing 2025

Two-Way Peg in Sidechains: How Bitcoin Moves Assets Securely

Two-Way Peg in Sidechains: How Bitcoin Moves Assets Securely

Categories

Archives

© 2025. All rights reserved.