Coinfinity GmbH's privacy policy
Version as of 17 July 2024
Information on the collection of personal data
Your data will be processed exclusively on the basis of the GDPR, the DSG and the TKG.
In the following we inform you about the collection of your personal data. Personal data is all data that can be related to you personally, e.g: Name, personal e-mail addresses, IP addresses, telephone numbers etc.
The responsible body according to article 4 (7) of the General Data Protection Regulation (GDPR) is Coinfinity GmbH, Managing Directors: Max Tertinegg, Dr. Stefan Grill
Address: Griesgasse 10, 8020 Graz, Austria
Telephone: +43 316 711 744
E-mail: office@coinfinity.co
The following applies to interested parties, business partners, customers and suppliers:
We store the data from you that is required for the mutual fulfilment of the contract. These are the following data categories: Customer or supplier master data, contact data of your employees, contract data or those data that you send us, e.g. by e-mail. The data will be deleted by us as soon as storage is no longer required or statutory retention obligations have expired.
Data will only be passed on to third parties - except in cases prescribed by law - with your consent or to contractually bound processors.
Legal basis: Article 6 (1) lit b, c, f; for sensitive data article 9 (2) lit g GDPR, when obtaining consent article 6 (1) lit a GDPR and article 9 lit a GDPR.
This privacy policy relates exclusively to the website www.coinfinity.co maintained by Coinfinity. If you are redirected to other websites via links on our website, please inform yourself directly on the target page about the respective handling of your data. We cannot accept any responsibility or liability for the content of third-party websites linked to our website.
Collection of personal data when using our services
Use of our website and the "Coinfinity - Buy Bitcoin" app
Every time you access content on our website or our app, data is temporarily stored that your browser transmits to our server and that may allow you to be identified. The following data is collected:
- IP address
- Host name of the accessing computer
- Website from which the website was accessed
- Websites that are accessed via the website
- Visited page on our website
- Message as to whether the retrieval was successful
- Amount of data transferred
- Information about the browser type and version used
- Information about the mobile device, browser type, device type and unique device identification nr.
- Operating system
- Extended public key of your wallet created in the ‘Coinfinity - Buy Bitcoin’ app (xpub or zpub)
The temporary storage of the data is necessary for the course of a visit to the website or the use of the app in order to enable delivery of the website or app. Further storage in log files takes place to ensure the functionality of the website or app and the security of the information technology systems. Our legitimate interest in data processing also lies in these purposes (Art. 6 para. 1 lit f GDPR).
Register, buy or sell via coinfinity.co and/or via the "Coinfinity - Buy Bitcoin" app
Before buying or selling cryptocurrencies via coinfinity.co and the ‘Coinfinity - Buy Bitcoin’ app, you must register on the website or in the app and then (in accordance with Section 6 FM-GwG) positively complete a ‘Know your customer’ verification procedure (hereinafter ‘KYC’).
This verification may be carried out by an external service provider who carries out this process. As part of this registration or KYC verification and the subsequent order of cryptocurrencies (purchase or sale), the following personal data is collected First name, surname, address data, date of birth, bank details, tax identification number, e-mail address, telephone number, deposit and withdrawal address, data on the status of politically exposed persons, details for verification of residence, details of or proof of financial resources insofar as these are required to prove the origin of funds, as well as ID data (submission of a copy of ID to carry out a KYC verification).
When you create a wallet in the "Coinfinity - Buy Bitcoin" app, the extended public key (xpub or zpub) of your wallet is transferred to Coinfinity and saved.
In addition to the actual verification data (e.g. images of ID documents and ID data from these, location, status of politically exposed persons, video data, etc.), biometric data (e.g. personal data resulting from specific technical processing in connection with the physical, physiological or behavioural characteristics of a person and enabling the unambiguous identification of a person, e.g. facial images, dactyloscopic data) are also collected for identity verification using the video ID procedure. In accordance with article 9 GDPR, such data fall into the category of special personal data, as they reveal racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, or are genetic and biometric data. We process your data on the basis of your express consent, which you can revoke at any time. This sensitive data is also processed and stored by us on the basis of the public interest for the purpose of combating fraud in accordance with article 9 (2) lit g GDPR and Section 21 (6) FmGwG.
The personal data is required by us for the fulfilment of the contract and for the fulfilment of legal requirements (article 6 (1) lit b GDPR, article 6 (1) lit c GDPR) as well as for the purpose of traceability of visitors, checking the effectiveness of advertising measures, for the display of targeted advertising elements and messages and for the purpose of security and improving the quality of our offer based on our legitimate interest (article 6 (1) lit f GDPR). Contact is made exclusively via e-mail addresses provided by the customer themselves. It is possible to unsubscribe from targeted advertising messages by clicking the ‘Unsubscribe’ button at the end of each customer information we send.
We delete the data arising in this context after the storage is no longer necessary or after statutory retention obligations or periods under the Financial Markets Money Laundering Act have expired.
Newsletter
You also have the option of subscribing to our newsletter on our website. The newsletter is sent exclusively to e-mail addresses provided by interested parties themselves (article 6 (1) lit a GDPR). If you no longer wish to receive the newsletter, you can unsubscribe at any time by clicking on the ‘Unsubscribe’ button at the end of each newsletter we send. The data collected for sending the newsletter will be deleted after any cancellation, unless otherwise provided by law and unless the data is processed on a separate legal basis.
Support
We use Intercom, a tool from Intercom R&D Unlimited Company, Stephen Court, 18-21 Saint Stephens Green, Dublin 2, Ireland, for our online support and for sending e-mails. Technical connection data (IP address, date/time of access, pages accessed, browser information) as well as information about your enquiries and contact details (name, e-mail address) are processed. Although the use of Intercom does not require consent, the processing of your data is based on your consent in accordance with article 6 (1) lit. a GDPR or another applicable legal basis under the GDPR. Your data will be transferred to Intercom R&D Unlimited Company in Ireland. Nevertheless, data may be transferred from Europe to the USA, over which we as a company have no influence. Details can be found here: Intercom & GDPR
When you contact us, the data you provide (e.g. e-mail address, name, telephone number) will be stored by us in order to answer your request (article 6 (1) (b) GDPR). We delete the data generated in this context after storage is no longer necessary and is not subject to any legal storage obligations.
When you contact us, the data you provide (e.g. e-mail address, name, telephone number) will be stored by us in order to answer your enquiry (article 6 (1) lit b GDPR). We delete the data arising in this context after storage is no longer necessary and there are no legal obligations to retain it.
Business partners and suppliers
We process personal data in the context of a business relationship with customers and suppliers for the following purposes:
- Communication with business partners about products, services and projects, e.g. processing enquiries from a customer or supplier
- Planning, implementation and administration of the business relationship between the provider and the business partner: processing of orders, collection of payments, for accounting and billing purposes, invoicing, deliveries
- Order processing, e.g. as part of the KYC process
- Compliance with legal requirements, e.g. retention obligations under tax law
- Settlement of legal disputes, defence of legal claims, enforcement of existing contracts
The following categories of personal data may be processed for the aforementioned purposes:
- Contact details such as name, title, address, telephone number, e-mail address, delivery, delivery, invoice addressees
- Information whose processing is necessary in the context of a project or the handling of a contractual business relationship with the provider or which is voluntarily provided by contact persons
- Information from publicly available sources
The data provided by you is required to achieve the above-mentioned purposes and to fulfil the contract or to carry out pre-contractual measures (article 6 (1) lit b GDPR). Without this data, the individual purposes described may not be achieved or we may not be able to conclude the contract with you.
Minors
Please note that all processing of personal data may only be used by persons who have reached the age of 14. The use of our systems and tools and the resulting processing of the data of users under this age limit is prohibited without the consent of parents/legal guardians. Should such data processing nevertheless occur, we will cease processing this data as soon as we become aware of it.
As a matter of principle, we do not enter into business relationships with minors.
Data transfer
For the purposes explained in this privacy policy, we will transfer your (personal) data to third parties if necessary.
Our processors to support customer verification on coinfinity.co and the Coinfinity app are Onfido Limited, with the address 3 Finsbury Avenue, London EC2, 2PA, United Kingdom and Fido S.p.A with the address Via Meravigli 16, 20123 Milan, Italy. The privacy policy of Onfido Limited can be viewed at www.onfido.com/privacy and the privacy policy of Fido SpA can be viewed at www.trustfull.com/legal/privacy-policy
Our processors for the fulfilment of § 6 FM-GWG are DataVendor GmbH with the address Heinrich-Kneissl-Gasse 18, 1140 Vienna and Lukka, INC. with the address 800 Laurel Oak Drive, Unit 300, Naples, FL 34108. The privacy policy of DataVendor GmbH can be viewed at www.datavendor.eu/datenschutzerklaerung and the privacy policy of Lukka INC. can be viewed at www.lukka.tech/privacy-policy.
In addition, personal data may be exchanged with our subsidiary Kurant GmbH in order to ensure the proper and efficient purchase and sale of cryptocurrencies through mutual support measures. Both Coinfinity and Kurant use the data only within the scope of their respective operational or contractual purpose and only to the extent that is essential to achieve this purpose.
Within our organization, those bodies or employees who need it to fulfill contractual or legal obligations and as a result of data processing based on our legitimate interests will receive your data.
Cookies
Cookies are small files that make it possible to store specific, device-related information on the user's access device (PC, smartphone, etc.). On the one hand, they are used to make websites more user-friendly and therefore more user-friendly (e.g. storage of login data). We store information that is necessary for the operation of the website in cookies. However, these are not filled with personal data that could be read by third parties. Users can influence the use of cookies. You can set up your browser so that it informs you about the setting of cookies and you only allow this in individual cases. By refusing cookies in your browser or deleting them regularly, you can also prevent conclusions being drawn about your behaviour. If cookies are deactivated, the functionality of our website may be restricted.
Use of plug-ins
Google services
We have signed a contract with Google Ireland Limited (“Google”), a company registered and operated under Irish law (registration number: 368047) based at Gordon House, Barrow Street, Dublin 4, Ireland. Nevertheless, it may happen that data is transferred from Europe to the USA, but we as a company have no influence on this.
There is currently no adequacy decision by the EU Commission for the USA within the meaning of article 45 (1), (3) of the General Data Protection Regulation (GDPR). This means that the EU Commission has not yet positively determined that the country-specific level of data protection in this country corresponds to that of the European Union on the basis of the GDPR (article 46 appropriate safeguards).
The GDPR requires so-called appropriate safeguards for a data transfer to a third country or an international organisation, article 46 (2), (3) GDPR. There are no such guarantees for the above-mentioned country of destination.
Possible risks that cannot currently be ruled out for you as the data subject in connection with the aforementioned information are in particular:
- Your personal data could possibly be passed on by Google USA to other third parties (e.g. US authorities) beyond the actual purpose of order fulfillment.
- You may not be able to sustainably assert or enforce your information rights against Google USA.
- There may be a higher probability that incorrect data processing may occur, as the technical organizational measures to protect personal data do not fully meet the requirements of the GDPR in terms of quantity and quality.
With your consent to the processing of (advertising and marketing) cookies, you explicitly consent to the transfer of data to the USA. You can revoke this consent informally by e-mail at any time. Data processing that took place before you withdrew your consent is not affected by the withdrawal and is therefore legally compliant.
Legal basis: Article 6 (1) (a) GDPR
Google Analytics
The website www.coinfinity.co as well as our online platform www.portal.coinfinity.co and the app "Coinfinity - Buy Bitcoin" use Google Analytics, a web analytics service. Google Analytics uses ‘cookies’, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website such as:
- browser type/version,
- operating system used,
- referrer URL (the previously visited page),
- host name of the accessing computer (IP address),
- time of the server request,
are usually transferred to a Google server and stored.
The IP address transmitted by your browser as part of Google Analytics is recorded in order to ensure the security of the service and to provide us with information about the country, region or city from which our users originate. This is also known as IP location identification. In Google Analytics, recorded IP addresses are anonymised using so-called IP masks.
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and Internet usage to the website operator. You can prevent cookies from being saved by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.
If Google Analytics has been implemented in apps or websites together with other Google advertising products, such as Google Ads, additional advertising IDs may be collected. Users can disable this feature in Google's advertising settings and change their settings for this cookie.
The website www.coinfinity.co, the online platform www.portal.coinfinity.co and the Coinfinity app use the function ‘Activation of IP anonymisation’ (i.e. Google Analytics has been extended by the code ‘gat._anonymizeIp();’ to ensure anonymised collection of IP addresses (so-called IP masking)). As a result, your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.
According to Google, Google will use the information obtained to evaluate your use of the website, to compile reports on website activity and to provide us with other services related to website activity and Internet usage. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google. However, Google may transfer this information to third parties if this is required by law or if third parties process this data on behalf of Google. You can prevent cookies from being saved by setting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all functions of the websites to their full extent. You can also prevent Google from collecting the data generated by the cookie and related to your use of the websites (including your anonymized IP address) and from processing this data by Google by clicking on the following link (www.tools.google.com/dlpage/gaoptout?hl=de) download and install the available browser plug-in.
You can find more information about terms of use and data protection at www.google.com/analytics/terms/de.html or under www.support.google.com/analytics/answer/6004245?hl=de.
HubSpot
For our online marketing activities, we use the functions and services of HubSpot from our service provider HubSpot Germany GmbH (Unter den Linden 26, 10117 Berlin, Germany).
We have concluded a contract with HubSpot Germany GmbH (“HubSpot”), a company registered and operated under German law (registration number: 184578 B) with registered office at: Am Postbahnhof 17, 10243 Berlin. Nevertheless, it may happen that data is transferred from Europe to the USA, but we as a company have no influence on this.
For the USA, there is currently no adequacy decision by the EU Commission within the meaning of article 45 (1), (3) of the General Data Protection Regulation (GDPR). This means that the EU Commission has not yet positively determined that the country-specific level of data protection in this country corresponds to that of the European Union under the GDPR (Article 46 appropriate guarantees).
The GDPR requires so-called appropriate guarantees for data transfer to a third country or to an international organization, article 46 (2), 3 GDPR. These are not available for the abovementioned country of destination.
Possible risks that cannot currently be ruled out for you as the person concerned in connection with the above information include:
- Your personal data could possibly be passed on by HubSpot USA to other third parties (e.g.: US authorities) beyond the actual purpose of order fulfillment.
- You may not be able to sustainably assert or enforce your information rights against HubSpot USA.
- There may be a higher probability that incorrect data processing may occur, as the technical organizational measures to protect personal data do not fully meet the requirements of the GDPR in terms of quantity and quality.
Rights of data subjects
You have the following rights towards us with regard to your personal data:
- Right of access, rectification and erasure
- Right to restriction of processing
- Right to object to processing
- Right to data portability
You also have the right to complain to the supervisory authority, which is the Austrian data protection authority:
Austrian data protection authority
Barichgasse 40-42
1030 Vienna
Telephone: +43 1 52 152-0
E-mail: dsb@dsb.gv.at
Contact for data protection
For data protection questions, notifications or requests, please use the following contact address:
Coinfinity GmbHGriesgasse 10
8020 Graz, Österreich
Telephone: +43 316 711 744
E-mail: datenschutz@coinfinity.co