Privacy Policy

PRIVACY POLICY of Anycoin Direct

1. Scope

This Privacy Policy applies to all Customers and users of the services of Anycoin Direct and all visitors of the website ("Website”, “Platform”). The Privacy Policy is complementary to the General Terms. The Cookie Policy is part of this Privacy Policy.

1.1 Definitions

Personal Information: means any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data Subject: means an individual who is the subject of Personal Information. In this Privacy Policy references to a Data Subject could be made with ‘visitor(s)’, ‘Customer(s)’ and/or ‘user(s)’, yet they bear the same meaning.

Cold storage: means storage of Personal Information on a server that is not directly connected to the internet and, thus, cannot be connected with by unauthorised personnel and/or third party entities.

Sub-processor(s): means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. The deployment of sub-processors relies on Art. 28 GDPR.

All other capitalised words bear the same meaning as portrayed in the General Terms:

2. Personal information and purpose of processing

During Account creation and registration, the Customer is obligated to provide certain Personal Information for the performance of the contract according to Art. 6 para 1 lit. b GDPR. This data, as described in this privacy policy, serves to identify the Customer and are the minimum requirements following European and/or national laws and regulations.

However, certain regulatory exceptions have to be implemented. The Customer must, during registration, take note of the Privacy Policy and complete a confirmatory action by which permission for the collection, processing and/or storage of the minimum requirements is recorded by Anycoin Direct.

2.1 Automated decision-making and profiling

Anycoin Direct hereby notifies all Customers of the existence of automated decision-making and profiling, pursuant to Art. 13 para 2 lit. f GDPR. Processing of Personal Information by automated means results in weighing the variables and adding value to the results. These endeavours are based on Art. 6 para 1 lit. c GDPR – in conjunction with the EU Anti-Money Laundering Directives and national transposition thereof. Combating money laundering and the financing of terrorism requires the implementation of an automated Risk-Based Approach (RBA). This system encompasses many of the measures in place to react to (alleged) fraudulent use, however, the system is also capable to act in a vigilant and predictive manner.

Any Customer that believes their fundamental rights have been negatively impacted by the automated decision-making, are welcomed to contact our Customer Support department for human revision.

2.2 Collection of Personal Information

The following information is collected, processed and/or stored by Anycoin Direct:

  • Email-address, first- and last name, address (country, city, zip code, street number) - - mandatory information to be provided by the Customer at the time of Account creation. The Customer identifies him/herself and makes sure the information is legally correct. This information is crucial for using the services.
  • Date of Birth – you must be older than 18 years old to be allowed to make use of the services.
  • (Register) IP - the IP address is automatically collected and stored at the time of Account creation and/or when using the services. The IP address is part of security measures in place to safeguard (the Account of) the Customer.
  • Bank account number and bank account holder - when using the services, both the bank account number and bank account holder will be associated with the Account. This makes sure that the Customer can only use his/her personal bank details when using the services. Should the Customer have a shared bank account, the Customer must provide written proof that both persons are legally authorised to use the bank account. This proof must be sent to
  • Credit card number and credit card holder – same conditions apply as to bank accounts.
  • Coin address(es) - all used coin-addresses are automatically collected, processed and stored by Anycoin Direct and are continuously checked against any (prior) misuse in order to protect the Customer.

In addition, the Customer has the voluntary choice to provide additional Personal Information in order to raise the spending limits of their Account. Higher spending limits equals higher buy, sell and trade limits. Anycoin Direct processes additional Personal Information pursuant to Art. 6 para 1 lit. f GDPR for the purpose of legitimate interests which focus anti-fraud prevention. It is necessary to process additional Personal Information regarding the identity of the Customer when they pursue higher limits since higher buying, selling and trading limits are attracting fraudulent use. For ensuring a secure trading environment and protecting Anycoin Direct credibility from damage it is essential to establish and verify the identity of the Customer. In the light of the data minimisation principle, the scope of the required additional Personal Information depends on the limits pursued by the Customer.

The Customer must, prior to providing the additional Personal Information, take note of the Privacy Policy and, per component, complete the notification process with a confirmatory action which is recorded by Anycoin Direct.

The following information is provided voluntarily by the Customer and subsequently collected, processed and/or stored by Anycoin Direct in case the Customer applies for higher limits:

  • Phone number
  • Travel documents (i.e. government-issued identification document, passport or residence permit)
  • Proof of Residence
  • Video-verification recording
  • Source of Funds

All other Personal or personally identifiable Information sent to Anycoin Direct by the Customer, be it directly or indirectly, shall be deemed provided voluntarily and with implicit consent. Anycoin Direct may decide to utilise this voluntarily provided information for internal purposes, with respect to Art. 2.3 of this Privacy Policy.

Anycoin Direct retains the right to, in light of providing adequate customer support, request the Customer to verify his/her identity.

2.3 Enhanced Due Diligence (EDD)

Anycoin Direct retains the right to subject Customers to an EDD procedure, in the event Anycoin Direct is obligated by law in accordance with Art. 6 para 1 lit. c GDPR to do so, in particular by Anti Money Laundering legislation, or when it has reasons to believe EDD is a necessity for prolongation of the business relationship with a Customer. Please see Art. 7 para 2 lit. (d)(e) General Terms for detailed explanation.

2.4 Information collected, processed and/or stored when requiring Customer support

For adequate Customer support, Anycoin Direct has employed the Zendesk, Inc. platform. Zendesk, Inc. (Zendesk) serves as a Sub-processor of certain Personal Information as it collects, processes and stores that information to make sure the best support can be given by Anycoin Direct. Since Zendesk Inc. is a certified member of the EU-US Privacy Shield, an adequate level of data protection is ensured.

For a further explanation on Sub-processors, please see Art. 8 of this Privacy Policy.

2.4.1 De volgende gegevens worden verzameld, verwerkt en/of opgeslagen door Zendesk, Inc.

  • Name
  • Email-address
  • Past visits
  • Past chats
  • Location
  • Browser
  • Platform
  • Device
  • IP-address
  • Date
  • Time
  • Message

If a Customer requires customer support via the live chat on the Website, the Customer will receive a transcript of those proceedings automatically. Also, the Customer is free to use the function to extract the transcript after each live chat.

3. Confidentiality and Transfer of Personal Data

Anycoin Direct respects the privacy of all its visitors and Customers.

Therefore, Anycoin Direct will never transfer, sell, rent, lease or otherwise make available, personal data to third parties, unless required to do so under Union or member state law and/or to assist the Financial Intelligence Unit (FIU) and/or to assist with national law enforcement agencies (all Art. 6 para 1 lit. c GDPR) and/or to protect Anycoin Direct’ financial position in case of fraudulent orders or default payments (Art. 6 para 1 lit. f GDPR). Should a disclosure request be addressed to Anycoin Direct, Anycoin Direct will notify the Customer without undue delay - unless Anycoin Direct is prohibited from doing so. In all cases the data request shall be individually focussed and substantiated.

Please also see Art. 10 General Terms.

4. Know Your Customer

Like all companies active in the financial sector, Anycoin Direct obliges itself to the Know Your Customer ("KYC") principle. The KYC process includes a number of verification steps, depending on the range of services desired. The KYC-policy is further explained in Art. 7 para. 1-3 General Terms.

5. Use of information

Anycoin Direct can use the information provided by the Customer for a number of purposes, e.g.:

  • Sending functional emails, e.g. to provide login information.
  • For the improvement of the services and for the development of the Platform as a whole.
  • Incidental promotion of news related to the services of Anycoin Direct. All Customers may manually subscribe to these emails.
  • Incidental emails to improve the cooperation between the Customer and Anycoin Direct.
  • The performance of the services by trusted employees of Anycoin Direct requested by the Customer as offered by Anycoin Direct.

6. Security and retention period

Various security measures ensure the confidentiality of visitors and Customer data and protect such data against loss, abuse or modification. Access to the data is protected by passwords and additional 2-factor authentication. Within Anycoin Direct only specifically authorized staff members have access to the confidential data.

The safety measures are reviewed in accordance with legal and technical developments.

Identifiable information required for the services of Anycoin Direct will be saved if necessary. All data is stored (offline) for 5 (five) years after deactivation of a Customer Account, in line with the General Data Protection Regulation as well as the Fourth Anti-Money Laundering Directive and any subsequent or supplementary Union or national law. Regular inspections by Anycoin Direct’ compliance-department and third party specialists warrant that Anycoin Direct data security and safety measures are up to standards.

7. Customer rights and obligations in relation to Personal Information

7.1 Right to object

Regarding Personal Information processed due to our legitimate interest (Art. 6 para 1 lit. f GDPR), the Customer has the right to object processing such data at any time (Art. 21 GDPR). However, Anycoin Direct may process additional Personal Information despite the Customer’s objection when Anycoin Direct can demonstrate compelling legitimate grounds (e.g. exercise or defence of legal claims).

7.1.1 Deactivation of the account

The Customer has the right to deactivate their Account at any given time and the Customer may initiate this process by following the instructions as provided under the “Account settings” in their personal environment on the Website. Deactivation of the Account can only be honoured if the Customer does not have any open buy, trade or sell orders or any other disputes relating to their Account. When the Customer decides to deactivate their Account, Anycoin Direct will delete all Personal Information of the Customer pursuant to Art. 6 of this Privacy Policy.

7.2 Right of access

The Customer has the right to access the Personal Information collected and stored by Anycoin Direct (Art. 15 GDPR). Any such requests must be directed to the designated Data Protection Officer (DPO), otherwise the request will not be taken under advisement. The DPO has been appointed pursuant to Art. 37 para 1 lit. b GDPR.

The DPO shall take the request under advisement and provide communication to the Customer concerning; the Personal Information it collects, stores and processes; the purpose; retention period; right to lodge a complaint with the Supervisory Authority; right to rectification and right to erasure.

Anycoin Direct shall provide, within 1 (one) month, the requested data or reasons explaining the grounds on which it cannot provide such information. Considering the complexity and number of requests that period might be extended by two further months where necessary. In case Anycoin Direct will extend the period, the Customer will be informed within one month of receipt of the request, together with the reasons for the delay.

The Personal Information shall, in principle, be provided to the Customer, free of charge, in a structured, commonly used and machine-readable format unless the Customer specifically requests otherwise. The Customer has the right to request Personal Information, from the DPO, free of charge, once per calendar-year.

The Data Protection Officer may be contacted, via email, at:

The Customer specifically requests:

  • Access to the collected, processed and/or stored data;
  • Includes at least the following identifiable information: registered first- and last names and the registered email-address;
  • The Customer may include additional information (such as an Order ID).

A well-structured enquiry is imperative because the Data Protection Officer has to be able to test, in a reasonable and simple manner, whether the applicant has legal right to receive (access to) the Personal Information. The DPO may, at his/her own discretion, require additional information from the Customer in order to determine their identity.

7.3 Right to deletion, rectification and data portability

The Customer has the right to get his data rectified in case Anycoin Direct processes inaccurate data concerning him or her (Art. 16 GDPR). Furthermore, the Customer has the right to deletion, in case the legal requirements of this right are fulfilled, especially in case personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (Art. 17 GDPR). If there is a case in which personal data can be transmitted to another Controller (Art. 4 (7) GDPR), Anycoin Direct guarantees the right to data portability (Art. 20 GDPR).

8. Sub-processors

Pursuant to Art. 28 GDPR and in order to provide the services to Customers, Anycoin Direct may enter into contract with third-party processors which support, or make available, certain (parts of the) services.

Anycoin Direct will, at all times, protect the information it collects, processes or stores. Therefore, Anycoin Direct only chooses to do business with reputable companies that are transparent, approachable and are in possession of internationally recognised certificates. Furthermore, should any of these companies not have their head office located within the European Union and/or may transfer data to a facility outside the European Union, Anycoin Direct contractually safeguards that the Personal Information is only processed for the purpose following instructions by Anycoin Direct (Art. 44 & 46 GDPR). Should Anycoin Direct contract any other parties in the future, this Privacy Policy will be updated accordingly.


Name Type Country

Zendesk, Inc.
Customer support United States of America

Messagebird B.V.
Telecommunications the Netherlands

TinTel B.V.
Payment provider the Netherlands

Worldpay B.V.
Payment provider the Netherlands

LexisNexis Business

Information Solutions BV
(Enhanced) customer due diligence the Netherlands

Chainalysis Inc.
Blockchain transaction monitoring system United States of America

Email provider The Netherlands

9. Filing a complaint with the National Supervisory Authority (NSA)

Customer may file a complaint directly to the NSA (Art. 77 GDPR). Customer may choose to file a complaint to the NSA in their country or file a complaint with the Dutch NSA, which, by virtue of Anycoin Direct having legal residence in the Netherlands, will be the Lead Supervisory Authority (Art. 56 para 1-2 GDPR). Each European member state has designated a person or institution which has competences related to data protection.

The competent Dutch NSA can be reached at the following contact details:

Autoriteit Persoonsgegevens

Prins Clauslaan 60

P.O. Box 93374

2509 AJ Den Haag/The Hague

Tel.: +31 70 888 8500

Fax: +31 70 888 8501



A full overview of all the NSAs in the European Union and their contact information can be found here:

10. Cookies

Upon visiting the Website and making use of the services, certain cookies are active. Although the Cookie Policy forms part of this Privacy Policy, the Cookie Policy is available in a separate document which describes the functionalities in detail.

11. Amendments

Anycoin Direct has the right to change the content of this Privacy Policy without prior notification to its visitors and Customers. Any modification to this Privacy Policy will take immediate effect and will apply to all further contacts, visits, transactions and agreements. Notifications of such changes will be posted on the Website or any other official communication channel, when deemed necessary. Customers and visitors are, nevertheless, strongly advised to consult this Privacy Policy regularly.

12. Questions

Visitors and Customers are invited to contact Anycoin Direct with any question about this Privacy Policy.


Phone: +31 413 74 71 74

Live chat:

Release date: 20 April 2020

13. Impressum

Anycoin Direct

Marshallweg 5

5466 AH, Veghel, the Netherlands

Chamber of commerce: 59466197

TAX number: NL853504234B01