Personal Information: means any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Cold storage: means storage of Personal Information on a server that is not directly connected to the internet and, thus, cannot be connected with by unauthorised personnel and/or third party entities.
Sub-processor(s): means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. The deployment of sub-processors relies on Art. 28 GDPR.
All other capitalised words bear the same meaning as portrayed in the General Terms: https://anycoindirect.eu/en/terms
2. Personal information and purpose of processing
2.1 Automated decision-making and profiling
Anycoin Direct hereby notifies all Customers of the existence of automated decision-making and profiling, pursuant to Art. 13 para 2 lit. f GDPR. Processing of Personal Information by automated means results in weighing the variables and adding value to the results. These endeavours are based on Art. 6 para 1 lit. c GDPR – in conjunction with the EU Anti-Money Laundering Directives and national transposition thereof. Combating money laundering and the financing of terrorism requires the implementation of an automated Risk-Based Approach (RBA). This system encompasses many of the measures in place to react to (alleged) fraudulent use, however, the system is also capable to act in a vigilant and predictive manner.
Any Customer that believes their fundamental rights have been negatively impacted by the automated decision-making, are welcomed to contact our Customer Support department for human revision.
2.2 Collection of Personal Information
The following information is collected, processed and/or stored by Anycoin Direct:
- Email-address, first- and last name, address (country, city, zip code, street number) - - mandatory information to be provided by the Customer at the time of Account creation. The Customer identifies him/herself and makes sure the information is legally correct. This information is crucial for using the services.
- Date of Birth – you must be older than 18 years old to be allowed to make use of the services.
- (Register) IP - the IP address is automatically collected and stored at the time of Account creation and/or when using the services. The IP address is part of security measures in place to safeguard (the Account of) the Customer.
- Bank account number and bank account holder - when using the services, both the bank account number and bank account holder will be associated with the Account. This makes sure that the Customer can only use his/her personal bank details when using the services. Should the Customer have a shared bank account, the Customer must provide written proof that both persons are legally authorised to use the bank account. This proof must be sent to email@example.com
- Credit card number and credit card holder – same conditions apply as to bank accounts.
- Coin address(es) - all used coin-addresses are automatically collected, processed and stored by Anycoin Direct and are continuously checked against any (prior) misuse in order to protect the Customer.
In addition, the Customer has the voluntary choice to provide additional Personal Information in order to raise the spending limits of their Account. Higher spending limits equals higher buy, sell and trade limits. Anycoin Direct processes additional Personal Information pursuant to Art. 6 para 1 lit. f GDPR for the purpose of legitimate interests which focus anti-fraud prevention. It is necessary to process additional Personal Information regarding the identity of the Customer when they pursue higher limits since higher buying, selling and trading limits are attracting fraudulent use. For ensuring a secure trading environment and protecting Anycoin Direct credibility from damage it is essential to establish and verify the identity of the Customer. In the light of the data minimisation principle, the scope of the required additional Personal Information depends on the limits pursued by the Customer.
The following information is provided voluntarily by the Customer and subsequently collected, processed and/or stored by Anycoin Direct in case the Customer applies for higher limits:
- Phone number
- Travel documents (i.e. government-issued identification document, passport or residence permit)
- Proof of Residence
- Video-verification recording
- Source of Funds
Anycoin Direct retains the right to, in light of providing adequate customer support, request the Customer to verify his/her identity.
2.3 Enhanced Due Diligence (EDD)
Anycoin Direct retains the right to subject Customers to an EDD procedure, in the event Anycoin Direct is obligated by law in accordance with Art. 6 para 1 lit. c GDPR to do so, in particular by Anti Money Laundering legislation, or when it has reasons to believe EDD is a necessity for prolongation of the business relationship with a Customer. Please see Art. 7 para 2 lit. (d)(e) General Terms for detailed explanation.
2.4 Information collected, processed and/or stored when requiring Customer support
For adequate Customer support, Anycoin Direct has employed the Zendesk, Inc. platform. Zendesk, Inc. (Zendesk) serves as a Sub-processor of certain Personal Information as it collects, processes and stores that information to make sure the best support can be given by Anycoin Direct. Since Zendesk Inc. is a certified member of the EU-US Privacy Shield, an adequate level of data protection is ensured.
2.4.1 The following information is collected, processed and/or stored by Zendesk, Inc.
- Past visits
- Past chats
If a Customer requires customer support via the live chat on the Website, the Customer will receive a transcript of those proceedings automatically. Also, the Customer is free to use the function to extract the transcript after each live chat.
3. Confidentiality and Transfer of Personal Data
Anycoin Direct respects the privacy of all its visitors and Customers.
Therefore, Anycoin Direct will never transfer, sell, rent, lease or otherwise make available, personal data to third parties, unless required to do so under Union or member state law and/or to assist the Financial Intelligence Unit (FIU) and/or to assist with national law enforcement agencies (all Art. 6 para 1 lit. c GDPR) and/or to protect Anycoin Direct’ financial position in case of fraudulent orders or default payments (Art. 6 para 1 lit. f GDPR). Should a disclosure request be addressed to Anycoin Direct, Anycoin Direct will notify the Customer without undue delay - unless Anycoin Direct is prohibited from doing so. In all cases the data request shall be individually focussed and substantiated.
Please also see Art. 10 General Terms.
4. Know Your Customer
Like all companies active in the financial sector, Anycoin Direct obliges itself to the Know Your Customer ("KYC") principle. The KYC process includes a number of verification steps, depending on the range of services desired. The KYC-policy is further explained in Art. 7 para. 1-3 General Terms.
5. Use of information
Anycoin Direct can use the information provided by the Customer for a number of purposes, e.g.:
- Sending functional emails, e.g. to provide login information.
- For the improvement of the services and for the development of the Platform as a whole.
- Incidental promotion of news related to the services of Anycoin Direct. All Customers may manually subscribe to these emails.
- Incidental emails to improve the cooperation between the Customer and Anycoin Direct.
- The performance of the services by trusted employees of Anycoin Direct requested by the Customer as offered by Anycoin Direct.
6. Security and retention period
Various security measures ensure the confidentiality of visitors and Customer data and protect such data against loss, abuse or modification. Access to the data is protected by passwords and additional 2-factor authentication. Within Anycoin Direct only specifically authorized staff members have access to the confidential data.
The safety measures are reviewed in accordance with legal and technical developments.
Identifiable information required for the services of Anycoin Direct will be saved if necessary. All data is stored (offline) for 5 (five) years after deactivation of a Customer Account, in line with the General Data Protection Regulation as well as the Fourth Anti-Money Laundering Directive and any subsequent or supplementary Union or national law. Regular inspections by Anycoin Direct’ compliance-department and third party specialists warrant that Anycoin Direct data security and safety measures are up to standards.
7. Customer rights and obligations in relation to Personal Information
7.1 Right to object
Regarding Personal Information processed due to our legitimate interest (Art. 6 para 1 lit. f GDPR), the Customer has the right to object processing such data at any time (Art. 21 GDPR). However, Anycoin Direct may process additional Personal Information despite the Customer’s objection when Anycoin Direct can demonstrate compelling legitimate grounds (e.g. exercise or defence of legal claims).
7.1.1 Deactivation of the account
7.2 Right of access
The Customer has the right to access the Personal Information collected and stored by Anycoin Direct (Art. 15 GDPR). Any such requests must be directed to the designated Data Protection Officer (DPO), otherwise the request will not be taken under advisement. The DPO has been appointed pursuant to Art. 37 para 1 lit. b GDPR.
The DPO shall take the request under advisement and provide communication to the Customer concerning; the Personal Information it collects, stores and processes; the purpose; retention period; right to lodge a complaint with the Supervisory Authority; right to rectification and right to erasure.
Anycoin Direct shall provide, within 1 (one) month, the requested data or reasons explaining the grounds on which it cannot provide such information. Considering the complexity and number of requests that period might be extended by two further months where necessary. In case Anycoin Direct will extend the period, the Customer will be informed within one month of receipt of the request, together with the reasons for the delay.
The Personal Information shall, in principle, be provided to the Customer, free of charge, in a structured, commonly used and machine-readable format unless the Customer specifically requests otherwise. The Customer has the right to request Personal Information, from the DPO, free of charge, once per calendar-year.
The Data Protection Officer may be contacted, via email, at: firstname.lastname@example.org
The Customer specifically requests:
- Access to the collected, processed and/or stored data;
- Includes at least the following identifiable information: registered first- and last names and the registered email-address;
- The Customer may include additional information (such as an Order ID).
A well-structured enquiry is imperative because the Data Protection Officer has to be able to test, in a reasonable and simple manner, whether the applicant has legal right to receive (access to) the Personal Information. The DPO may, at his/her own discretion, require additional information from the Customer in order to determine their identity.
7.3 Right to deletion, rectification and data portability
The Customer has the right to get his data rectified in case Anycoin Direct processes inaccurate data concerning him or her (Art. 16 GDPR). Furthermore, the Customer has the right to deletion, in case the legal requirements of this right are fulfilled, especially in case personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (Art. 17 GDPR). If there is a case in which personal data can be transmitted to another Controller (Art. 4 (7) GDPR), Anycoin Direct guarantees the right to data portability (Art. 20 GDPR).
Pursuant to Art. 28 GDPR and in order to provide the services to Customers, Anycoin Direct may enter into contract with third-party processors which support, or make available, certain (parts of the) services.
|Customer support||United States of America|
|Payment provider||the Netherlands|
|Payment provider||the Netherlands|
Information Solutions BVhttps://www.lexisnexis.com/
|(Enhanced) customer due diligence||the Netherlands|
|Blockchain transaction monitoring system||United States of America|
|Email provider||The Netherlands|
9. Filing a complaint with the National Supervisory Authority (NSA)
Customer may file a complaint directly to the NSA (Art. 77 GDPR). Customer may choose to file a complaint to the NSA in their country or file a complaint with the Dutch NSA, which, by virtue of Anycoin Direct having legal residence in the Netherlands, will be the Lead Supervisory Authority (Art. 56 para 1-2 GDPR). Each European member state has designated a person or institution which has competences related to data protection.
The competent Dutch NSA can be reached at the following contact details:
A full overview of all the NSAs in the European Union and their contact information can be found here: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
Phone: +31 413 74 71 74
Live chat: https://anycoindirect.eu/
Release date: 20 April 2020
5466 AH, Veghel, the Netherlands
Chamber of commerce: 59466197
TAX number: NL853504234B01