Privacy Policy

PRIVACY POLICY of Anycoin Direct

1. Scope

This Privacy Policy applies to all Customers and users of the services of Anycoin Direct and all visitors of the website ("Website”, “Platform”). The Privacy Policy is complementary to the General Terms. The Cookie Policy is part of this Privacy Policy.

1.1 Definitions

Personal Information: means any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data Subject: means an individual who is the subject of Personal Information. In this Privacy Policy references to a Data Subject could be made with ‘visitor(s)’, ‘Customer(s)’ and/or ‘user(s)’, yet they bear the same meaning.

Processing: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Processor: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. The deployment of processors relies on Art. 28 GDPR.

All other capitalised words bear the same meaning as portrayed in the General Terms:

2. Personal information and purpose of processing

Anycoin Direct processes personal data on the basis of the following grounds:

  • The processing is necessary for the execution of the agreement between the customer and Anycoin Direct;
  • The processing is necessary to comply with legal obligations;
  • The customer gives permission for the processing of personal data.

During Account creation and registration, the Customer is obliged to provide certain Personal Information in accordance with European and/or national legislation. After registering the Account, Anycoin Direct assesses whether a business relationship/agreement is established.

This agreement is a requirement to be able to offer you the services of Anycoin Direct (see Article 2 of the General Terms and Conditions). This data, as described in this Privacy Policy, serves to identify the Customer and its requirements that follow from European and/or national laws and regulations. In addition, Anycoin Direct asks the Customer for permission to process the data.

If no business relationship is established, the personal data must nevertheless be processed and stored by Anycoin Direct, in accordance with laws and regulations and on the basis of given permission.

During registration, the Customer must take note of the Privacy Policy and perform an affirmative action whereby consent to the collection, processing and/or storage requirements is recorded by Anycoin Direct.

2.1 Automated decision-making and profiling

Anycoin Direct hereby notifies all Customers of the existence of automated decision-making and profiling, pursuant to Art. 13 para 2 lit. f GDPR. Processing of Personal Information by automated means results in weighing the variables and adding value to the results. These endeavours are based on Art. 6 para 1 lit. c GDPR – in conjunction with the EU Anti-Money Laundering Directives and national transposition thereof. Combating money laundering and the financing of terrorism requires the implementation of an automated Risk-Based Approach (RBA). This system encompasses many of the measures in place to react to (alleged) fraudulent use, however, the system is also capable to act in a vigilant and predictive manner. Any Customer that believes their fundamental rights have been negatively impacted by the automated decision-making, are welcomed to contact our Customer Support department for human revision. Anycoin Direct complies with article 22 of the GDPR.

Any Customer that believes their fundamental rights have been negatively impacted by the automated decision-making, are welcomed to contact our Customer Support department for human revision.

2.2 Collection of Personal Information

The following information is collected, processed and/or stored by Anycoin Direct:

  • Email-address, first- and last name, address (country, city, zip code, street number) - - mandatory information to be provided by the Customer at the time of Account creation. The Customer identifies him/herself and makes sure the information is legally correct. This information is crucial for using the services.
  • Date of Birth – Customers must be at least 18 years old to use of the services.
  • (Register) IP - the IP address is automatically collected and stored at the time of Account creation and/or when using the services. The IP address is part of security measures in place to safeguard (the Account of) the Customer.
  • Bank account number and bank account holder - when using the services, both the bank account number and bank account holder will be associated with the Account. This makes sure that the Customer can only use his/her personal bank details when using the services. Should the Customer have a shared bank account, the Customer must provide written proof that both persons are legally authorised to use the bank account. This proof must be sent to
  • Credit card number and credit card holder – same conditions apply as to bank accounts.
  • Coin address(es) - all used coin-addresses are automatically collected, processed and stored by Anycoin Direct and are continuously monitored for possible (previous) use to protect the security and Integrity of the platform.*
  • *If you generate a wallet address via the 'Seed phrase tool', your extended publict key (XPUB) will be shared with Anycoin Direct, so that future addresses associated with this XPUB can be automatically validated.
  • Phone number – for account security and verification and the option of Two-Factor-Authentication.
  • Travel document(s) (i.e. government-issued identification document, passport or residence permit) - to establish and verify the Identity of customers. ○ If you have a residence permit, we also ask you to provide a copy of your original passport.
  • Gender - for verification purposes enter "female", "male", "other" or "not disclosed".
  • Verification Questions - based on laws and regulations Anycoin Direct may ask risk based verification questions. The answers will be processed and stored in the Customer Account. Questions may include the Customer's financial situation such as employment status and income.
  • Proof of residence - required to be provided by all clients residing in Austria. For clients residing in other countries of the European Economic Area (EEA), proof of residence is required to be provided voluntarily in order to obtain higher limits.

In addition, the Customer has the voluntary choice to provide additional Personal Information in order to raise the spending limits of their Account. Higher spending limits equals higher buy, sell and trade limits. Anycoin Direct processes additional Personal Information pursuant to Art. 6 para 1 lit. f GDPR for the purpose of legitimate interests which focus anti-fraud prevention. It is necessary to process additional Personal Information regarding the identity of the Customer when they pursue higher limits since higher buying, selling and trading limits are attracting fraudulent use. For ensuring a secure trading environment and protecting Anycoin Direct credibility from damage it is essential to establish and verify the identity of the Customer. In the light of the data minimisation principle, the scope of the required additional Personal Information depends on the limits pursued by the Customer.

The Customer must, prior to providing the additional Personal Information, take note of the Privacy Policy and, per component, complete the notification process with a confirmatory action which is recorded by Anycoin Direct.

The following information is provided voluntarily by the Customer and subsequently collected, processed and/or stored by Anycoin Direct in case the Customer applies for higher limits:

  • Proof of Residence
  • Video-verification recording
  • Source of Funds

All other Personal or personally identifiable Information sent to Anycoin Direct by the Customer, be it directly or indirectly, shall be deemed provided voluntarily and with implicit consent. Anycoin Direct may decide to utilise this voluntarily provided information for internal purposes, with respect to Art. 2.3 of this Privacy Policy.

Anycoin Direct retains the right to, in light of providing adequate customer support, request the Customer to verify his/her identity.

2.3 Enhanced Due Diligence (EDD)

Anycoin Direct retains the right to subject Customers to an EDD procedure, in the event Anycoin Direct is obligated by law to do so, in accordance with Art. 6 para 1 lit. c GDPR or when it has reasons to believe EDD is a necessity for prolongation of the business relationship with a Customer. The provisions in the General Terms and Conditions describe frameworks in which EDD can be deployed.

3. Confidentiality and Transfer of Personal Data

Anycoin Direct respects the privacy of all its visitors and Customers. Anycoin Direct may transfer, share or otherwise make personal data available to related entities within the Anycoin Direct group.

Therefore, Anycoin Direct will never transfer, sell, rent, lease or otherwise make available, personal data to third parties, unless required to do so under Union or member state law and/or to assist the Financial Intelligence Unit (FIU) and/or to assist with national law enforcement agencies (all Art. 6 para 1 lit. c GDPR) and/or to protect Anycoin Direct’ financial position in case of fraudulent orders or default payments (Art. 6 para 1 lit. f GDPR). Should a disclosure request be addressed to Anycoin Direct, Anycoin Direct will notify the Customer without undue delay - unless Anycoin Direct is prohibited from doing so. In all cases the data request shall be individually focussed and substantiated.

Please also see Art. 10 General Terms.

4. Know Your Customer

Anycoin Direct as a Financial Institution is obliged to adhere to the Know Your Customer ("KYC") principle, in accordance with European and national laws and regulations. The KYC process includes a number of verification steps, depending on the range of services desired. The KYC-policy is further explained in Art. 7 of the General Terms.

5. Use of information

Anycoin Direct can use the information provided by the Customer for a number of purposes, e.g.:

  • Sending functional emails, e.g. to provide login information.
  • For the improvement of the services and for the development of the Platform as a whole.
  • Incidental promotion of news related to the services of Anycoin Direct. All Customers may manually subscribe to these emails.
  • Incidental emails to improve the cooperation between the Customer and Anycoin Direct.
  • The performance of the services by qualified employees of Anycoin Direct requested by the Customer as offered by Anycoin Direct.
  • Sending emails for marketing purposes and notices required to be received for use of the Services.
  • Having payments made to and from the Vault by Anycoin Direct Hodling Services Foundation. In this case the IBAN and name of the Customer will be processed by the Foundation.

6. Security and retention period

At Anycoin Direct we take various security measures to process and store personal data in a safe way. These security measures ensure the confidentiality of visitors and Customer data and protect such data against loss, abuse or modification. Legal obligations require us to store certain personal data. The data is stored securely offline and online. In order to do this as effectively as possible, we have recruited a certified reputable partner who continues to optimize the security and processes surrounding it in accordance with the latest knowledge and updates. External parties do not have access to this data. Only authorized employees have access to personal data to perform the task for which this personal was requested. Their accesses are logged. Furthermore, the online and offline accesses are secured with uniquely generated passwords and cannot be accessed without additional Two-factor authentications.

The safety measures are reviewed in accordance with legal and technical developments.

Identifiable information required for the services of Anycoin Direct will be saved if necessary. All data should be retained for a certain period of time after deactivation of the customer account, in line with the General Data Protection Regulation and the Fifth Anti-Money Laundering Directive and any subsequent or additional Union or national legislation. Anycoin Direct applies the following legal retention periods:

  • A period of 5 (five) years for the personal data of customers residing in the EEA, with the exception of customers residing in Austria;

Regular inspections by Anycoin Direct’s compliance department and third party specialists warrant that Anycoin Direct data security and safety measures are up to standards.

7. Customer rights and obligations in relation to Personal Information

7.1 Right to object

Regarding Personal Information processed due to our legitimate interest (Art. 6 para 1 lit. f GDPR), the Customer has the right to object processing such data at any time (Art. 21 GDPR). However, Anycoin Direct may process additional Personal Information despite the Customer’s objection when Anycoin Direct can demonstrate compelling legitimate grounds (e.g. exercise or defence of legal claims).

7.1.1 Deactivation of the account

The Customer has the right to deactivate their Account at any given time and the Customer may initiate this process by following the instructions as provided under the “Account settings” in their personal environment on the Website. Deactivation of the Account can only be honoured if the Customer does not have any open buy, trade or sell orders or any other disputes relating to their Account. When the Customer decides to deactivate their Account, Anycoin Direct will delete all Personal Information of the Customer pursuant to Art. 6 of this Privacy Policy.

7.2 Right of access

The Customer has the right to access the Personal Information collected and stored by Anycoin Direct (Art. 15 GDPR). Any such requests must be directed to the designated Data Protection Officer (DPO). The DPO has been appointed pursuant to Art. 37 para 1 lit. b GDPR.

The DPO shall take the request under advisement and provide communication to the Customer concerning; the Personal Information it collects, stores and processes; the purpose; retention period; right to lodge a complaint with the Supervisory Authority; right to rectification and right to erasure.

Anycoin Direct shall provide, within 1 (one) month, the requested data or reasons explaining the grounds on which it cannot provide such information. Considering the complexity and number of requests that period might be extended by two further months where necessary. In case Anycoin Direct will extend the period, the Customer will be informed within one month of receipt of the request, together with the reasons for the delay.

The Personal Information shall, in principle, be provided to the Customer, free of charge, in a structured, commonly used and machine-readable format unless the Customer specifically requests otherwise. The Customer has the right to request Personal Information, from the DPO, free of charge, once per calendar-year.

The Data Protection Officer may be contacted, via email, at:

The Customer specifically requests:

  • Access to the collected, processed and/or stored data;
  • Includes at least the following identifiable information: registered first- and last names and the registered email-address;
  • The Customer may include additional information (such as an Order ID).

A well-structured enquiry is imperative because the Data Protection Officer has to be able to test, in a reasonable and simple manner, whether the applicant has legal right to receive (access to) the Personal Information. The DPO may require additional information from the Customer in order to determine their identity.

7.3 Right to deletion, rectification and data portability

The Customer has the right to get his data rectified in case Anycoin Direct processes inaccurate data concerning him or her (Art. 16 GDPR). Furthermore, the Customer has the right to deletion, in case the legal requirements of this right are fulfilled, especially in case personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (Art. 17 GDPR). If there is a case in which personal data can be transmitted to another Controller (Art. 4 (7) GDPR), Anycoin Direct guarantees the right to data portability (Art. 20 GDPR).

Customer can submit a request to the Data Protection Officer by sending an email to: The following information must be sent with the request:

  • First and last name/names registered with Anycoin Direct;
  • Email address registered with Anycoin Direct.

If the name and email address do not match a customer account, the request cannot be granted.

8. Processors

Pursuant to Art. 28 GDPR and in order to provide the services to Customers, Anycoin Direct may enter into contract with third-party processors which support, or make available, certain (parts of the) services.

Anycoin Direct will, at all times, protect the information it collects, processes or stores. Therefore, Anycoin Direct only chooses to do business with reputable companies that are transparent, approachable and are in possession of internationally recognised certificates. Furthermore, if any of these processors is not based in the European Union and/or may transfer data to a facility outside the European Union, Anycoin Direct contractually safeguards that the Personal Information is only processed for the purpose following instructions by Anycoin Direct (Art. 44 & 46 GDPR).

Anycoin Direct uses the services of the following categories of Processors:

  • Payment Service Provider;
  • Data Servers;
  • Hosting Parties;
  • Enterprise software;
  • Customer support software provider;
  • Verification and identification partner;
  • Transaction monitoring system provider;
  • Telecommunications service providers;
  • Auditor.

9. Filing a complaint with the National Supervisory Authority (NSA)

Customer may file a complaint directly to the NSA (Art. 77 GDPR). Customer may choose to file a complaint to the NSA in their country or file a complaint with the Dutch NSA, which, by virtue of Anycoin Direct having legal residence in the Netherlands, will be the Lead Supervisory Authority (Art. 56 para 1-2 GDPR). Each European member state has designated a person or institution which has competences related to data protection.

The competent Dutch NSA can be reached at the following contact details:

Autoriteit Persoonsgegevens

Prins Clauslaan 60

P.O. Box 93374

2509 AJ Den Haag/The Hague

Tel.: +31 70 888 8500

Fax: +31 70 888 8501



As Anycoin Direct is registered with the Financial Market Authority Austria, customers residing in Austria can (also) file a complaint regarding the processing of their personal data with the Austrian Supervisory Authority.

Österreichische Datenschutzbehörde

Hohenstaufengasse 3

1010 Wien

Tel. +43 1 531 15 202525

Fax +43 1 531 15 202690



A full overview of all the NSAs in the European Union and their contact information can be found here:

10. Cookies

Upon visiting the Website and making use of the services, certain cookies are active. Although the Cookie Policy forms part of this Privacy Policy, the Cookie Policy is available in a separate document which describes the functionalities in detail.

11. Amendments

Anycoin Direct has the right to change the content of this Privacy Policy without prior notification to its visitors and Customers. Any modification to this Privacy Policy will take immediate effect and will apply to all further contacts, visits, transactions and agreements. Notifications of such changes will be posted on the Website or any other official communication channel, when deemed necessary. Customers and visitors are, nevertheless, strongly advised to consult this Privacy Policy regularly.

12. Questions

Visitors and Customers are invited to contact Anycoin Direct with any question about this Privacy Policy.


Phone: +31 413 74 71 74

Live chat:

Release date: 19 April 2022

13. Impressum

Phoenix Payments B.V. (operating under name of: Anycoin Direct)

Marshallweg 5

5466 AH, Veghel, the Netherlands

Chamber of commerce: 59466197

TAX number: NL853504234B01