Personal Data Any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing Any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Processor A natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the controller.
All other capitalised words bear the same meaning as portrayed in the General Terms: https://anycoindirect.eu/en/terms
Article 1.1 – Personal Data and purpose of processing
Anycoin Direct can process Personal Data on the basis of the following grounds:
- The processing is necessary for the performance of a contract between you and Anycoin Direct;
- The processing is necessary for compliance with legal obligations;
- You have given consent to the processing of Personal Data;
- The processing is necessary for the purpose of legitimate interests.
Article 1.2 – Automated decision-making and profiling
Anycoin Direct hereby notifies you of the existence of automated decision-making and profiling. Processing of Personal Data by automated means results in weighing variables and adding value to the results. These endeavours are based on a legal obligation – in conjunction with the Anti-Money Laundering Directives of the European Union and national transposition thereof. Combating money laundering and the financing of terrorism requires the implementation of an automated Risk-Based Approach (RBA). This system encompasses many of the measures in place to react to (alleged) fraudulent use, however, the system is also capable to act in a vigilant and predictive manner. If you believe that your fundamental rights have been negatively impacted by the automated decision-making, you are welcomed to contact our Customer Support department for human revision. Anycoin Direct complies with article 22 of the GDPR.
Article 2.1 – Collection of Personal Data
The information below is collected, processed and/or stored by Anycoin Direct. The data is stored in the Platform including the Website and Anycoin Direct App:
- Email address, first- and last name, address (county, city, zip code, street and number)
Mandatory information to be provided by you at the time of Account creation. You identify yourself and make sure the information is legally correct. This information is crucial for using the Services.
- Date of birth
You must be at least eighteen (18) years old to use the Services.
- Register IP
The IP address is automatically collected and stored at the time of Account creation and/or when using the Services. The IP address is part of security measures in place to safeguard your Account.
- Bank account number and bank account holder
When using the Services, both the bank account number and bank account holder will be associated with the Account. This makes sure that you can only use your personal bank account when using the Services. Should you have a shared bank account, you must provide written proof that both persons are legally authorised to use the bank account.
- Credit card number and credit card holder
The same conditions apply as to bank accounts.
All used coin-addresses are automatically collected, processed and stored by Anycoin Direct and are continuously monitored for possible (previous) use to protect the security and Integrity of the platform.
- Phone number
We ask your phone number for security and verification of your Account, the possibility to set up 2FA and possibly contact you.
For verification purposes enter: ‘female’, ‘male’, ‘other’ or ‘not disclosed’.
- Verification questions
Based on laws and regulations Anycoin Direct may ask you risk based verification questions. The answers will be processed and stored in your Account. Questions may include your financial situation such as employment status and income.
- Travel document
To establish and verify your identity, Anycoin Direct is required to process a copy of your identification document.
- Dit kan een door een erkende overheid uitgegeven identificatiebewijs, paspoort of verblijfsvergunning zijn;
- Indien u een verblijfsvergunning bezit, vragen we u ook een kopie van uw originele paspoort te verstrekken;
- Indien u in Nederland of Oostenrijk woonachtig bent, is het mogelijk een geldend rijbewijs uit uw land te verifiëren.
- Complaints in complaint register
If you file a complaint with Anycoin Direct, the description of your compliant and any Personal Data you provide will be recorded in a complaint register.
- Proof of residence
If you reside in Austria, you are obliged to provide proof of residence. If you live in another country which is member of SEPA and/or the European Union (EU), the proof of residence is voluntary in order to obtain higher limits.
- Vault balance
We keep track of the balance in your Vault. To do this, we process your volume per cryptocurrency, volume in EUR and totals.
- Recordings of telephone and/or video calls
We process and store video and audio recordings of conversations between you and Anycoin Direct.
You have the voluntary choice to provide additional Personal Data in order to raise the spending limits of your Account. Higher spending limits equals higher buy, sell and trade limits. Anycoin Direct processes additional Personal Data for the purpose of legitimate interests which focus anti-fraud prevention. It is necessary to process additional Personal Data regarding the identity of the Customer when they pursue higher limits since higher buying, selling and trading limits are attracting fraudulent use. For ensuring a secure trading environment and protecting Anycoin Direct from damage it is essential to establish and verify your identity. In the light of the data minimisation principle, the scope of the required additional Personal Data depends on the limits pursued by you.
You can provide the following information voluntarily and these are subsequently collected, processed and/or stored by Anycoin Direct in case you apply for higher limits:
- Video verification recording
- Source of funds
All other Personal Data provided by you directly or indirectly to Anycoin Direct will be deemed to have been provided voluntarily and with implied consent. Providing unsolicited (possibly special categories of) Personal Data is your own responsibility and own risk. Anycoin Direct will not be liable for the processing of such Personal Data. This data includes but is not limited to your BSN, financial and/or criminal information on proof of lawful residence or Personal Data of other individuals who do not have an Account with Anycoin Direct. You may mask this Personal Data when providing requested documents. Anycoin Direct may decide to use both the additional and this voluntarily provided (Personal) Data for internal purposes.
Anycoin Direct reserves the right, in order to provide adequate customer support, to ask you to prove your identity.
Article 2.2 - Customer Due Diligence and KYC
Anycoin Direct as a financial institution is required to adhere to the "Know Your Customer" (KYC) principle and perform Customer Due Diligence in accordance with European and National laws and regulations. The CDD and KYC process includes a number of verification steps, depending on the scope of Services required. The Know Your Customer policy is further explained in Article 7 of the Terms and Conditions. Some of your Personal Data (listed in Article 2.1) will need to be processed and retained by Anycoin Direct to comply with CDD and KYC obligations.
Article 3 – Confidentiality and transfer of Personal Data
Anycoin Direct respects the privacy of all its visitors and Customers. Anycoin Direct may transfer, share or otherwise make Personal Data available to related entities within the Anycoin Direct group.
Anycoin Direct will not transfer, sell, rent, lease or otherwise make available, Personal Data to third parties, unless required to do so under Union or member state law and/or to assist the Financial Intelligence Unit (FIU) and/or to assist with national law enforcement agencies (article 6 para 1 lit. c GDPR) and/or to protect Anycoin Direct’ financial position in case of fraudulent orders or default payments. Should a disclosure request be addressed to Anycoin Direct, Anycoin Direct will notify you without undue delay - unless Anycoin Direct is prohibited from doing so. Please also see Art. 10 General Terms.
Article 4 – Use of information
Anycoin Direct can use the information you provided for number of purposes, e.g.:
- Sending functional emails, e.g. to provide login information.
- For the improvement of the Services and development of the Platform.
- Incidental promotion of news related to the Services of Anycoin Direct.
- Incidental emails to improve the cooperation between you and Anycoin Direct.
- The performance of the by you requested Services, offered by Anycoin Direct, by qualified employees of Anycoin Direct.
- Sending emails for marketing purposes and notices required to be received for use of the Services.
- Having payments made to and from the Vault by Anycoin Direct Hodling Services Foundation. In this case the IBAN and name of the Customer will be processed by the Foundation.
- The prevention of abuse of the Platform with fraudulent transactions and/or aimed at money laundering and/or terrorist financing.
- To detect fraud, illegal activities or infringements in respect of the Services.
- Compliance with applicable laws and regulations.
- Processing Order and payments.
- Responding to your messages and/or questions via chat, email or telephone.
- Administration for any claims or legal disputes.
- Contacting you via chat, email of telephone for your review and feedback on our Services.
Article 5 – Security
At Anycoin Direct we take various security measures to process and store Personal data in a safe way. These security measures ensure the confidentiality of visitors and Customer data and protect such data against loss, abuse or modification. Legal obligations require us to store certain Personal Data. The data is stored securely offline and online. In order to do this as effectively as possible, we have recruited a certified reputable partner who continues to optimize the security and processes surrounding it in accordance with the latest knowledge and updates. External parties do not have access to this data. Only authorized employees have access to Personal Data to perform the task for which this Personal Data was requested. Their accesses are logged. Furthermore, the online and offline accesses are secured with uniquely generated passwords and cannot be accessed without additional Two-factor authentications.
Article 6 – Retention period
Your Personal Data will be saved and stored if necessary. All data should be retained for a certain period of time after deletion of the customer account, in line with the General Data Protection Regulation and the Anti-Money Laundering Directives and any subsequent or additional Union or national legislation. Anycoin Direct applies the following legal retention periods:
- A period of 5 (five) years, with the exception of customers residing in Austria;
- A period of 10 (ten) years for the Personal Data of customers residing in Austria, pursuant to Article 21 FM-GWG.
Regular inspections by Anycoin Direct’s compliance department and third party specialists warrant that Anycoin Direct data security and safety measures are up to standards.
Article 7 – Rights and obligations in relation to Personal Data
Article 7.1 – Deletion of the Account
You have the right to delete your Account at any time. You can initiate this process by following the instructions provided under "Account Settings" in your personal Account on the Platform. The Account can only be deleted if you have no outstanding purchase, sales or trading Orders or balances in the Vault and no disputes exist in relation to your Account.
Article 7.2 – Right of access
You have the right to access the Personal Data collected and stored by Anycoin Direct (Art. 15 GDPR). Any requests must be directed to the designated Data Protection Officer (DPO).
The DPO shall take the request under advisement and provide communication to you concerning; the Personal Data it collects, stores and processes; the purpose; retention period; right to lodge a complaint with the Supervisory Authority; right to rectification and right to erasure.
Anycoin Direct shall provide, within 1 (one) month, the requested data or reasons explaining the grounds on which it cannot provide such information. Considering the complexity and number of requests that period might be extended by two further months where necessary. In case Anycoin Direct will extend the period, you will be informed within one month of receipt of the request, together with the reasons for the delay.
The Personal Data shall, in principle, be provided to you, free of charge, in a structured, commonly used and machine-readable format unless you specifically request otherwise. You have the right to request Personal Data, from the DPO, free of charge, once per calendar-year.
The Data Protection Officer may be contacted, via email: email@example.com
- May request access to the collected, processed and/or stored data;
- Include at least the following identifiable information with your request: registered first- and last names and the registered email-address;
- May include additional information (such as an Order ID).
A well-structured enquiry is imperative because the Data Protection Officer has to be able to test, in a reasonable and simple manner, whether the applicant has legal right to receive (access to) the Personal Data. The DPO may require additional information from you in order to determine your identity.
Article 7.3 – Right to deletion, rectification and data portability
You have the right to get your data rectified in case Anycoin Direct processes inaccurate data concerning you (Art. 16 GDPR). Furthermore, you have the right to deletion, in case the legal requirements of this right are fulfilled. If there is a case in which Personal Data can be transmitted to another Controller, Anycoin Direct guarantees the right to data portability (Art. 20 GDPR).
You can submit a request to the Data Protection Officer by sending an email to: firstname.lastname@example.org. The following information must be sent with the request:
- First and last name/names registered with Anycoin Direct;
- Email address registered with Anycoin Direct.
If your name and/or email address do not match a customer account, the request cannot be granted.
Article 7.4 – Right to object
With regard to Personal Data processed for legitimate interests, you have the right to object to the processing at any time.
Article 8 – Processors
Pursuant to Art. 28 GDPR and in order to provide our Services to you, Anycoin Direct may enter into contract with third-party processors which support, or make available, certain (parts of the) Services.
Anycoin Direct will, at all times, protect the information it collects, processes or stores. Therefore, Anycoin Direct only chooses to do business with reputable companies that are transparent, approachable and are in possession of internationally recognised certificates. Furthermore, if any of these processors is not based in the European Union and/or may transfer data to a facility outside the European Union, Anycoin Direct contractually safeguards that the Personal Data is only processed for the purpose following instructions by Anycoin Direct.
Anycoin Direct uses the Services of the following categories of Processors:
- Payment service provider;
- Data servers;
- Hosting parties;
- Enterprise software;
- Customer support software provider;
- Verification and identification partner;
- Transaction monitoring system provider;
- Telecommunications service providers;
Article 9 – Complaints
If you are not satisfied with the processing of your Personal Data or the handling of your privacy at Anycoin Direct, you may file a complaint with the Data Protection Officer at: email@example.com
You can also complain directly to the national Supervisory Authority. You can choose to file a complaint with the Supervisory Authority in your country of residence or with the Dutch Personal Data Authority.
The competent Dutch Supervisory Authority can be reached as follows:
Prins Clauslaan 60
2509 AJ Den Haag
Tel.: +31 70 888 8500
Fax: +31 70 888 8501
As Anycoin Direct is registered with the Austrian Financial Market Authority, customers residing in Austria may (also) file a complaint regarding the processing of their Personal Data with the Austrian supervisory authority.
Tel. +43 1 531 15 202525
Fax +43 1 531 15 202690
A full overview of all the NSA in the European Union and their contact information can be found here: europa.eu
Article 10 - Cookies
Article 11 - Amendments
Article 12 – Questions
Email: firstname.lastname@example.org / email@example.com
Phone number: +31 413 74 71 74
Live chat: https://www.anycoindirect.eu
Article 13 – Company information
Phoenix Payments B.V. (Operating under name of: Anycoin Direct)
5466 AH, Veghel, Nederland
Chamber of Commerce: 59466197
Tax number: NL853504234B01
Date of publication: 1 October 2022