Personal Information: means any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Processor: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. The deployment of processors relies on Art. 28 GDPR.
All other capitalised words bear the same meaning as portrayed in the General Terms: https://anycoindirect.eu/en/terms
2. Personal information and purpose of processing
Anycoin Direct processes personal data on the basis of the following grounds:
- The processing is necessary for the execution of the agreement between the customer and Anycoin Direct;
- The processing is necessary to comply with legal obligations;
- The customer gives permission for the processing of personal data.
During Account creation and registration, the Customer is obliged to provide certain Personal Information in accordance with European and/or national legislation. After registering the Account, Anycoin Direct assesses whether a business relationship/agreement is established.
If no business relationship is established, the personal data must nevertheless be processed and stored by Anycoin Direct, in accordance with laws and regulations and on the basis of given permission.
2.1 Automated decision-making and profiling
Anycoin Direct hereby notifies all Customers of the existence of automated decision-making and profiling, pursuant to Art. 13 para 2 lit. f GDPR. Processing of Personal Information by automated means results in weighing the variables and adding value to the results. These endeavours are based on Art. 6 para 1 lit. c GDPR – in conjunction with the EU Anti-Money Laundering Directives and national transposition thereof. Combating money laundering and the financing of terrorism requires the implementation of an automated Risk-Based Approach (RBA). This system encompasses many of the measures in place to react to (alleged) fraudulent use, however, the system is also capable to act in a vigilant and predictive manner. Any Customer that believes their fundamental rights have been negatively impacted by the automated decision-making, are welcomed to contact our Customer Support department for human revision. Anycoin Direct complies with article 22 of the GDPR.
Any Customer that believes their fundamental rights have been negatively impacted by the automated decision-making, are welcomed to contact our Customer Support department for human revision.
2.2 Collection of Personal Information
The following information is collected, processed and/or stored by Anycoin Direct:
- Email-address, first- and last name, address (country, city, zip code, street number) - - mandatory information to be provided by the Customer at the time of Account creation. The Customer identifies him/herself and makes sure the information is legally correct. This information is crucial for using the services.
- Date of Birth – Customers must be at least 18 years old to use of the services.
- (Register) IP - the IP address is automatically collected and stored at the time of Account creation and/or when using the services. The IP address is part of security measures in place to safeguard (the Account of) the Customer.
- Bank account number and bank account holder - when using the services, both the bank account number and bank account holder will be associated with the Account. This makes sure that the Customer can only use his/her personal bank details when using the services. Should the Customer have a shared bank account, the Customer must provide written proof that both persons are legally authorised to use the bank account. This proof must be sent to email@example.com
- Credit card number and credit card holder – same conditions apply as to bank accounts.
- Coin address(es) - all used coin-addresses are automatically collected, processed and stored by Anycoin Direct and are continuously monitored for possible (previous) use to protect the security and Integrity of the platform.*
- *If you generate a wallet address via the 'Seed phrase tool', your extended publict key (XPUB) will be shared with Anycoin Direct, so that future addresses associated with this XPUB can be automatically validated.
- Phone number – for account security and verification and the option of Two-Factor-Authentication.
- Travel document(s) (i.e. government-issued identification document, passport or residence permit) - to establish and verify the Identity of customers. ○ If you have a residence permit, we also ask you to provide a copy of your original passport.
- Gender - for verification purposes enter "female", "male", "other" or "not disclosed".
- Verification Questions - based on laws and regulations Anycoin Direct may ask risk based verification questions. The answers will be processed and stored in the Customer Account. Questions may include the Customer's financial situation such as employment status and income.
- Proof of residence - required to be provided by all clients residing in Austria. For clients residing in other countries of the European Economic Area (EEA), proof of residence is required to be provided voluntarily in order to obtain higher limits.
In addition, the Customer has the voluntary choice to provide additional Personal Information in order to raise the spending limits of their Account. Higher spending limits equals higher buy, sell and trade limits. Anycoin Direct processes additional Personal Information pursuant to Art. 6 para 1 lit. f GDPR for the purpose of legitimate interests which focus anti-fraud prevention. It is necessary to process additional Personal Information regarding the identity of the Customer when they pursue higher limits since higher buying, selling and trading limits are attracting fraudulent use. For ensuring a secure trading environment and protecting Anycoin Direct credibility from damage it is essential to establish and verify the identity of the Customer. In the light of the data minimisation principle, the scope of the required additional Personal Information depends on the limits pursued by the Customer.
The following information is provided voluntarily by the Customer and subsequently collected, processed and/or stored by Anycoin Direct in case the Customer applies for higher limits:
- Proof of Residence
- Video-verification recording
- Source of Funds
Anycoin Direct retains the right to, in light of providing adequate customer support, request the Customer to verify his/her identity.
2.3 Enhanced Due Diligence (EDD)
Anycoin Direct retains the right to subject Customers to an EDD procedure, in the event Anycoin Direct is obligated by law to do so, in accordance with Art. 6 para 1 lit. c GDPR or when it has reasons to believe EDD is a necessity for prolongation of the business relationship with a Customer. The provisions in the General Terms and Conditions describe frameworks in which EDD can be deployed.
3. Confidentiality and Transfer of Personal Data
Anycoin Direct respects the privacy of all its visitors and Customers. Anycoin Direct may transfer, share or otherwise make personal data available to related entities within the Anycoin Direct group.
Therefore, Anycoin Direct will never transfer, sell, rent, lease or otherwise make available, personal data to third parties, unless required to do so under Union or member state law and/or to assist the Financial Intelligence Unit (FIU) and/or to assist with national law enforcement agencies (all Art. 6 para 1 lit. c GDPR) and/or to protect Anycoin Direct’ financial position in case of fraudulent orders or default payments (Art. 6 para 1 lit. f GDPR). Should a disclosure request be addressed to Anycoin Direct, Anycoin Direct will notify the Customer without undue delay - unless Anycoin Direct is prohibited from doing so. In all cases the data request shall be individually focussed and substantiated.
Please also see Art. 10 General Terms.
4. Know Your Customer
Anycoin Direct as a Financial Institution is obliged to adhere to the Know Your Customer ("KYC") principle, in accordance with European and national laws and regulations. The KYC process includes a number of verification steps, depending on the range of services desired. The KYC-policy is further explained in Art. 7 of the General Terms.
5. Use of information
Anycoin Direct can use the information provided by the Customer for a number of purposes, e.g.:
- Sending functional emails, e.g. to provide login information.
- For the improvement of the services and for the development of the Platform as a whole.
- Incidental promotion of news related to the services of Anycoin Direct. All Customers may manually subscribe to these emails.
- Incidental emails to improve the cooperation between the Customer and Anycoin Direct.
- The performance of the services by qualified employees of Anycoin Direct requested by the Customer as offered by Anycoin Direct.
- Sending emails for marketing purposes and notices required to be received for use of the Services.
- Having payments made to and from the Vault by Anycoin Direct Hodling Services Foundation. In this case the IBAN and name of the Customer will be processed by the Foundation.
6. Security and retention period
At Anycoin Direct we take various security measures to process and store personal data in a safe way. These security measures ensure the confidentiality of visitors and Customer data and protect such data against loss, abuse or modification. Legal obligations require us to store certain personal data. The data is stored securely offline and online. In order to do this as effectively as possible, we have recruited a certified reputable partner who continues to optimize the security and processes surrounding it in accordance with the latest knowledge and updates. External parties do not have access to this data. Only authorized employees have access to personal data to perform the task for which this personal was requested. Their accesses are logged. Furthermore, the online and offline accesses are secured with uniquely generated passwords and cannot be accessed without additional Two-factor authentications.
The safety measures are reviewed in accordance with legal and technical developments.
Identifiable information required for the services of Anycoin Direct will be saved if necessary. All data should be retained for a certain period of time after deactivation of the customer account, in line with the General Data Protection Regulation and the Fifth Anti-Money Laundering Directive and any subsequent or additional Union or national legislation. Anycoin Direct applies the following legal retention periods:
- A period of 5 (five) years for the personal data of customers residing in the EEA, with the exception of customers residing in Austria;
Regular inspections by Anycoin Direct’s compliance department and third party specialists warrant that Anycoin Direct data security and safety measures are up to standards.
7. Customer rights and obligations in relation to Personal Information
7.1 Right to object
Regarding Personal Information processed due to our legitimate interest (Art. 6 para 1 lit. f GDPR), the Customer has the right to object processing such data at any time (Art. 21 GDPR). However, Anycoin Direct may process additional Personal Information despite the Customer’s objection when Anycoin Direct can demonstrate compelling legitimate grounds (e.g. exercise or defence of legal claims).
7.1.1 Deactivation of the account
7.2 Right of access
The Customer has the right to access the Personal Information collected and stored by Anycoin Direct (Art. 15 GDPR). Any such requests must be directed to the designated Data Protection Officer (DPO). The DPO has been appointed pursuant to Art. 37 para 1 lit. b GDPR.
The DPO shall take the request under advisement and provide communication to the Customer concerning; the Personal Information it collects, stores and processes; the purpose; retention period; right to lodge a complaint with the Supervisory Authority; right to rectification and right to erasure.
Anycoin Direct shall provide, within 1 (one) month, the requested data or reasons explaining the grounds on which it cannot provide such information. Considering the complexity and number of requests that period might be extended by two further months where necessary. In case Anycoin Direct will extend the period, the Customer will be informed within one month of receipt of the request, together with the reasons for the delay.
The Personal Information shall, in principle, be provided to the Customer, free of charge, in a structured, commonly used and machine-readable format unless the Customer specifically requests otherwise. The Customer has the right to request Personal Information, from the DPO, free of charge, once per calendar-year.
The Data Protection Officer may be contacted, via email, at: firstname.lastname@example.org
The Customer specifically requests:
- Access to the collected, processed and/or stored data;
- Includes at least the following identifiable information: registered first- and last names and the registered email-address;
- The Customer may include additional information (such as an Order ID).
A well-structured enquiry is imperative because the Data Protection Officer has to be able to test, in a reasonable and simple manner, whether the applicant has legal right to receive (access to) the Personal Information. The DPO may require additional information from the Customer in order to determine their identity.
7.3 Right to deletion, rectification and data portability
The Customer has the right to get his data rectified in case Anycoin Direct processes inaccurate data concerning him or her (Art. 16 GDPR). Furthermore, the Customer has the right to deletion, in case the legal requirements of this right are fulfilled, especially in case personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (Art. 17 GDPR). If there is a case in which personal data can be transmitted to another Controller (Art. 4 (7) GDPR), Anycoin Direct guarantees the right to data portability (Art. 20 GDPR).
Customer can submit a request to the Data Protection Officer by sending an email to: email@example.com The following information must be sent with the request:
- First and last name/names registered with Anycoin Direct;
- Email address registered with Anycoin Direct.
If the name and email address do not match a customer account, the request cannot be granted.
Pursuant to Art. 28 GDPR and in order to provide the services to Customers, Anycoin Direct may enter into contract with third-party processors which support, or make available, certain (parts of the) services.
Anycoin Direct will, at all times, protect the information it collects, processes or stores. Therefore, Anycoin Direct only chooses to do business with reputable companies that are transparent, approachable and are in possession of internationally recognised certificates. Furthermore, if any of these processors is not based in the European Union and/or may transfer data to a facility outside the European Union, Anycoin Direct contractually safeguards that the Personal Information is only processed for the purpose following instructions by Anycoin Direct (Art. 44 & 46 GDPR).
Anycoin Direct uses the services of the following categories of Processors:
- Payment Service Provider;
- Data Servers;
- Hosting Parties;
- Enterprise software;
- Customer support software provider;
- Verification and identification partner;
- Transaction monitoring system provider;
- Telecommunications service providers;
9. Filing a complaint with the National Supervisory Authority (NSA)
Customer may file a complaint directly to the NSA (Art. 77 GDPR). Customer may choose to file a complaint to the NSA in their country or file a complaint with the Dutch NSA, which, by virtue of Anycoin Direct having legal residence in the Netherlands, will be the Lead Supervisory Authority (Art. 56 para 1-2 GDPR). Each European member state has designated a person or institution which has competences related to data protection.
The competent Dutch NSA can be reached at the following contact details:
As Anycoin Direct is registered with the Financial Market Authority Austria, customers residing in Austria can (also) file a complaint regarding the processing of their personal data with the Austrian Supervisory Authority.
A full overview of all the NSAs in the European Union and their contact information can be found here: europa.eu
Phone: +31 413 74 71 74
Live chat: https://anycoindirect.eu/
Release date: 19 April 2022
5466 AH, Veghel, the Netherlands
Chamber of commerce: 59466197
TAX number: NL853504234B01