PRIVACY POLICY of Phoenix Payments B.V.
1 Scope
This Privacy Policy applies to all Customers and users of the services of Phoenix Payments B.V. (hereafter referred to as “Phoenix”) and all visitors of the www.anycoindirect.eu website ("Website"), property of Phoenix. The Privacy Policy is complementary to the Terms of Use. The Cookie Policy is part of this Privacy Policy. Although you might view this Privacy Policy in a language other than Dutch, the Dutch text is leading and binding.
1.1 Definitions
Personal Information: means any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data Subject: means an individual who is the subject of Personal Information. In this Privacy Policy references to a Data Subject could be made with ‘visitor(s)’, ‘Customer(s)’ and/or ‘user(s)’, yet they bear the same meaning.
cold storage: means storage of Personal Information on a server that is not directly connected to the internet and, thus, cannot be connected with by unauthorised personnel and/or third party entities.
Sub-processor(s): means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
All other capitalised words bear the same meaning as portrayed in the Terms of Use: https://anycoindirect.eu/home/termsofuse
1.2 Personal information and purpose of processing
During Account creation and registration, the Customer is obligated to provide certain Personal Information. This data, as described below, serve to identify the Customer and are the minimum requirements following European and/or national laws and regulations.
The Customer must, during registration, take note of the Privacy Policy and complete a confirmatory action by which permission for the collection, processing and/or storage of the minimum requirements is recorded by Phoenix.
French law dictates and obligates Phoenix to require Customers with a French nationality to upload an identification document as well as a proof of residence, before these Customers may make use of the Services.
The following information is collected, processed and/or stored by Phoenix:
- Email-address, first- and last name, address (country, city, zip code, street number) - mandatory information to be provided by the Customer at the time of Account creation. The Customer identifies him/herself and makes sure the information is legally correct. This information is crucial for using the Services.
- (Register) IP - the IP address is automatically collected and stored at the time of Account creation and/or when using the Services. The IP address is part of security measures in place to safeguard (the Account of) the Customer.
- Bank account number and bank account holder - when using the Services, both the bank account number and bank account holder will be associated with the Account. This makes sure that the Customer can only use his/her personal bank details when using the Services. Should the Customer have a shared bank account, the Customer must provide written proof that both persons are legally authorised to use the bank account. This proof must be sent to support@anycoindirect.eu
- Coin address(es) - all used coin-addresses are automatically collected, processed and stored by Phoenix and are continuously checked against any (prior) misuse in order to protect the Customer.
In addition, the Customer has the voluntary choice to provide additional Personal Information in order to step up the level of their Account. A higher level equals higher buying and selling limits.
If a Customer has chosen to provide additional Personal Information, and when it has been verified and validated by Phoenix employees, this data will constitute an addendum to the Agreement and the Services (as explained in the Terms) from the moment of awarding the higher level.
This means that the Customer gives permission for adding the additional Personal Information to his/her Account. It is a necessity for the Customer to have a functioning Account in order to use the Services as provided by Phoenix. The partial withdrawal of consent for the collection, processing and/or storage of Personal Information is therefore not possible - as this would result in an unreasonable and disproportionate burden on the business operations of Phoenix.
Withdrawal of consent is, thus, only possible by means of termination of the Account. See also ‘paragraph 6.2 Withdrawing permission' later in this Privacy Policy.
The Customer must, prior to providing the additional Personal Information, take note of the Privacy Policy and, per component, complete a confirmatory action by which permission to the collection, processing and/or storage of the additional Personal Information is recorded by Phoenix.
The following information is provided voluntarily by the Customer and subsequently collected, processed and/or stored by Phoenix:
- Phone number - to upgrade the Account to level 2 or if necessary to make use of certain payment methods.
- Identification Documents (such as; government-issued ID, passport) - to upgrade their Account to level 3 or, in the case a French national wishes to use our Services, is mandatory to use certain payment methods. The Customer may, and is encouraged, to black out the citizen service number and to place a watermark over the document. The documents are stored in cold storage.
- Proof of Residence - to upgrade their Account to level 4. A valid Proof of Residence is a letter or receipt from an official institution on which the full first- and last name and the address is clearly visible. The Proof of Residence may not be older than 3 months. The document is stored in cold storage.
- Video-validation recording - to upgrade their Account to level 5 the Customer may undergo a video-validation. This conversation will be recorded in order to comply with anti money laundering laws and the Know Your Customer principle. The recordings are stored in cold storage.
- Source of Funds - should the limits as associated with a level 5 Account be deemed insufficient, the Customer may provide a Source of Funds. This document will only be used to determine the legitimacy of the accrued income and whether the Customer qualifies for higher limits. The Source of Funds will be associated with the Account and be stored in cold storage.
Phoenix retains the right to, in light of providing adequate customer support, request the Customer to verify his/her identity.
1.3 Legal persons and partnerships
The following information is collected, processed and/or stored by Phoenix:
- Official document from the national commercial register
- Customer is advised to upload this document in their Account dashboard
- Customer must also provide this document via support@anycoindirect.eu, in the event this is requested by an employee
- This document must clearly present the name of the owner and/or legal representative of the company
- In the event the company is a wholly, or partly, subsidiary of another company, must the client present Phoenix with another document stating that the Customer is the owner and/or legal representative of the controlling company
- Address of the registered office or principal place of business or the business address indicated in the commercial register
- Registration number
1.4 Enhanced Due Diligence (EDD)
Phoenix retains the right to subject Customers to an EDD procedure, in the event Phoenix is obligated by law to do so or when it has reasons to believe EDD is a necessity for entering into a business relation with a Customer.
EDD procedures encompasses, among others: video-verification; inspection of the transparency register; establishing whether the Customer is a politically exposed person; establishing whether the Customer is listed on a sanction-list.
1.5 Information collected, processed and/or stored when requiring Customer support
For adequate Customer support, Phoenix has employed the Zendesk, Inc. platform. Zendesk, Inc. (Zendesk) serves as a Sub-processor of certain Personal Information as it collects, processes and stores that information to make sure the best support can be given by Phoenix.
For a further explanation on Sub-processors, please see paragraph 8 of this Privacy Policy.
1.5.1 The following information is collected, processed and/or stored by Zendesk, Inc.
- Name
- Email-address
- Past visits
- Past chats
- Location
- Browser
- Platform
- Device
- IP-address
- Date
- Time
- Message
If Customer requires customer support via the live chat on the Website, the Customer will receive a transcript of those proceedings automatically. Also, the Customer is free to use the function to extract the transcript after each live chat.
2. Confidentiality
Phoenix respects the privacy of all its visitors and Customers. Therefore, Personal Information, privacy and the information needed for the prevention of fraud, money laundering and financing terrorism are constantly carefully weighed within the limits of legislation and regulations.
Information provided to Phoenix by visitors and Customers remain classified and will not be shared with any third party, unless i) court order forces Phoenix to provide confidential data and ii) in the event of fraud or undesired actions, provided such data requests are individually focused and substantiated.
3. Know Your Customer
Like all companies active in the financial sector, Phoenix obliges itself to the Know Your Customer ("KYC") principle. The KYC process includes a number of verification steps, depending on the range of services desired. The KYC-policy is further explained in paragraph 9 of the Terms.
4.Use of information
Phoenix can use the information provided by the Customer for a number of purposes, e.g.:
- Sending functional emails, e.g. to provide login information.
- Incidental promotion of news related to the services of Phoenix. All Customers may manually subscribe to these emails. This can be done through this URL.
- Incidental emails to improve the cooperation between the Customer and Phoenix.
- The performance of the Services by trusted employees of Phoenix requested by the Customer as offered on the Website.
5. Security and retention period
Various security measures ensure the confidentiality of visitors and Customer data and protect such data against loss, abuse or modification. Access to the data is protected by a password and an additional 2-factor authentication. Within Phoenix only specifically authorized staff members have access to the confidential data.
The safety measures are reviewed in accordance with legal and technical developments. Notifications will be posted on the Website.
Identifiable information required for the services of Phoenix will be saved if necessary. All data is stored offline for 5 (five) years after termination of a Customer Account, in line with the General Data Protection Directive as well as the Fourth Anti-Money Laundering Directive and any subsequent or supplementary Union or national law. Regular inspections by Phoenix’s compliance-department and third party specialists warrant that Phoenix data security and safety measures are up to standards.
6. Customer rights and obligations in relation to Personal Information
6.1 Consent
By virtue of agreeing to the Privacy Policy, the Customer unequivocally consents to the provision, collection and/or storage of Personal Information required to use the services as provided by Phoenix.
The Customer specifically consents to the collection, processing and/or storage of Personal Information as stipulated under ‘paragraph 1.2 Personal Information and purpose of processing’ in this Privacy Policy.
The Customer also recognises that Phoenix collects, processes and/or stores such Personal Information in accordance with the General Data Protection Regulation as well as the Fourth Anti-Money Laundering Directive and any subsequent or complementary Union or national law.
6.2 Withdrawal of consent
The Customer is free to withdraw consent at any given time, however, the Customer also recognises that the withdrawal of consent does not affect the lawfulness of processing based on given consent prior to withdrawal.
If the Customer withdraws consent in relation to the collection and processing of Personal Information - where such information is crucial to the execution of the business relationship between the Customer and Phoenix - the Customer, effectively, requests for their Account to be terminated as this would inhibit Phoenix to adhere to Union or member state law.
Following ‘paragraph 1.2 Personal Information and purpose of processing’ and specifically the provision and giving consent with regards to additional Personal Information: although the act of giving consent implies the right to withdraw such consent, the sporadic withdrawal of consent for collection, processing and/or storage of additional Personal Information would unreasonably disrupt business processes. In order to ensure a process that is as flawless as possible, the provided additional Personal Information becomes an inherent part of the Account of the Customer. By this very fact follows that partial withdrawal of consent is not possible. Should a Customer wish to withdraw consent, the Customer should terminate the Account.
6.3 Termination of the account
The Customer has the right to terminate their Account at any given time and the Customer may initiate this process by following the instructions as provided under the “Account settings” in their personal environment on the Website. Termination of the Account can only be honoured if the Customer does not have any open buy- or sell orders or any other disputes relating to their Account.
Phoenix recognises the termination of the Account as a valid request for withdrawal of consent.
6.4 Right of access
The Customer has the right to access the Personal Information collected and stored by Phoenix. Any such requests must be directed to the designated Data Protection Officer (DPO), otherwise the request will not be taken under advisement. The DPO shall take the request under advisement and provide communication to the Customer concerning; the Personal Information it collects, stores and processes; the purpose; retention period; right to lodge a complaint with the Supervisory Authority; right to rectification and right to erasure.
Phoenix shall provide, within 1 (one) month, the requested data or reasons explaining the grounds on which it cannot provide such information. Furthermore, Phoenix has the right to further extend the aforementioned period with 2 (two) months, provided the Customer has been notified of this within the original timeframe.
The Personal Information shall, in principle, be provided to the Customer, free of charge, in a structured, commonly used and machine-readable format unless the Customer specifically requests otherwise. The Customer has the right to request Personal Information, from the DPO, free of charge, once per calendar-year.
The Data Protection Officer may be contacted, via email, at: privacy@anycoindirect.eu
The Customer specifically requests access to the collected, processed and/or stored data and includes at least the following identifiable information: registered first- and last names and the registered email-address. The Customer may include additional information (such as an Order ID). This is imperative because the Data Protection Officer has to be able to test, in a reasonable and simple manner, whether the applicant has legal right to receive (access to) the Personal Information. The DPO may, at his/her own discretion, require additional information from the Customer in order to determine their identity.
7. Transfer of Personal Information
Phoenix will never transfer, sell, rent, lease or otherwise make available, personal data to third parties, unless required to do so under Union or member state law and/or to assist the Financial Intelligence Unit (FIU) and/or to assist with national law enforcement agencies and/or to protect Phoenix' financial position in case of fraudulent orders or default payments. Should such a request be made to Phoenix, Phoenix will notify the Customer without undue delay - unless Phoenix is prohibited from doing so.
8. Sub-processors
In order to provide the Services to Customers, Phoenix may enter into contract with third-party processors which support, or make available, certain (parts of the) Services.
Phoenix will, at all times, protect the information it collects, processes or stores. Therefore, Phoenix only chooses to do business with reputable companies that are transparent, approachable and are in possession of internationally recognised certificates. Furthermore, should any of these companies not have their head office located within the European Union and/or may transfer data to a facility outside the European Union, Phoenix contractually safeguards that the Personal Information is only processed for the purpose following instructions by Phoenix. Should Phoenix contract any other parties in the future, this Privacy Policy will be updated accordingly. Phoenix distinguishes two categories of Sub-processors: Infrastructure Sub-processors and Service specific Sub-processors:
Infrastructure Sub-processors:
|
Name |
Type |
Country |
|
Microsoft Azure |
Cloud Service Provider |
United States of America |
|
Centric IT |
Infrastructure safeguarding |
the Netherlands |
|
True B.V. |
Webhosting |
the Netherlands |
Service specific Sub-processors:
|
Name |
Type |
Country |
|
Zendesk, Inc. |
Customer support |
United States of America |
|
Messagebird B.V. |
Telecommunications |
the Netherlands |
|
TinTel B.V. |
Payment provider |
the Netherlands |
|
LexisNexis Business Information Solutions BV |
(Enhanced) customer due diligence |
the Netherlands |
9. Filing a complaint with the National Supervisory Authority (NSA)
Customer may file a complaint directly to the NSA. Customer may choose to file a complaint to the NSA in their country or file a complaint with the Dutch NSA, which, by virtue of Phoenix having legal residence in the Netherlands, will be the Lead Supervisory Authority. Each European member state has designated a person or institution which has competences related to data protection. The NSA can be reached at the following contact details:
|
Autoriteit Persoonsgegevens |
A full overview of all the NSAs in the European Union and their contact information can be found here: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
10. Cookies
Upon visiting the Website and making use of the Services, certain cookies are active. Although the Cookie Policy forms part of this Privacy Policy, the Cookie Policy is available in a separate document which describes the functionalities in detail.
11. Amendments
Phoenix has the right to change the content of this Privacy Policy without prior notification to its visitors and Customers. Any modification to this Privacy Policy will take immediate effect and will apply to all prior contacts, visits, transactions and agreements. Notifications of such changes will be posted on the Website or any other official communication channel. Customers and visitors are, nevertheless, strongly advised to consult this Privacy Policy regularly.
12. Questions
Visitors and Customers are invited to contact Phoenix with any question about this Privacy Policy.
Mail: support@anycoindirect.eu / privacy@anycoindirect.eu
Phone: (+31) - (0)800-2692646
Live chat: www.anycoindirect.eu
Release date: 12 June 2018
13. Impressum
- Phoenix Payments B.V.
-
Contact:
Phoenix Payments B.V.
Marshallweg 5
5466 AH, Veghel, the Netherlands
support@anycoindirect.eu - Chamber of Commerce: 59466197
- VAT number: NL853504234B01