Privacy Policy Coinfinity GmbH
Version as of 02 June 2022
Information about the collection of personal data
Your data will be processed exclusively on the basis of the EU-DSGVO, the DSG as well as the TKG. In the following, we provide information about the collection of your personal data. Personal data is all data that can be related to you personally, for example: Name, personal email addresses, IP addresses, telephone numbers, etc.
The responsible party pursuant to Article 4 (7) of the EU General Data Protection Regulation (GDPR) is
Coinfinity GmbH,
Managing Partner: Max Tertinegg
Address: Griesgasse 10, 8020 Graz, Austria
Phone: +43 316 711 744
E-mail: office@coinfinity.co
The following applies to interested parties, business partners, customers and suppliers:
- We store from you those data that are necessary for the mutual fulfillment of the contract. These are the following data categories: Customer or supplier master data, contact data of your employees, contract data or those data that you send us, for example, by e-mail. We do not process sensitive data. The data will be deleted by us as soon as storage is no longer necessary or legal storage obligations have expired.
- Data will only be passed on to third parties - except in cases prescribed by law - with your respective consent or to contractually bound order processors.
- Legal basis: Art. 6 para. 1 lit b, c, f; when obtaining consent Art 6 para. 1 lit a DSGVO
This data protection statement refers exclusively to the website coinfinity.co, which is managed by Coinfinity. If you are forwarded to other websites via links on our website, please inform yourself directly on the target page about the respective handling of your data. We cannot assume any responsibility or liability for the content of third-party websites linked to our website.
Collection of personal data when using our services
Use of the website
Every time you access content on our website, data is temporarily stored that your browser transmits to our server and may allow identification. The following data is collected:
- Date and time of access
- IP address
- Host name of the accessing computer
- Website from which the website was accessed
- Websites accessed via the website
- Page visited on our website
- Message, whether the request was successful
- Amount of data transferred
- Information about the browser type and version used
- Operating system
Temporary storage of data is necessary for the course of a website visit to enable delivery of the website. Further storage in log files takes place in order to ensure the functionality of the website and the security of the information technology systems. These purposes also constitute our legitimate interest in data processing (Art. 6 para. 1 lit f DSGVO).
Buying or selling via coinfinity.co
Before buying or selling cryptocurrencies via coinfinity.co, you must register on the website and then (in accordance with §6 FM-GWG) positively complete a "know your customer" verification process (hereinafter "KYC").
This verification may be carried out by an external service provider which performs this process. In the course of this registration or KYC verification and the subsequent order of cryptocurrencies (purchase or sale), the following personal data will be collected: First name, last name, address data, date of birth, bank data, email address, telephone number and ID data (submission of a copy of the ID for KYC verification).
This personal data is required by us for the performance of the contract and to meet legal requirements (Art. 6 para 1 lit b DSGVO, Art 6 para 1 lit c DSGVO) as well as for the purpose of traceability of visitors, testing the effectiveness of advertising measures, for the playout of targeted advertising elements and messages as well as for purposes of security and improving the quality of our offer based on our legitimate interest (Art. 6 para 1 lit f DSGVO). Contact is made exclusively through e-mail addresses provided by the customer himself. Unsubscribing from targeted advertising messages is possible via the "unsubscribe" button at the end of each customer information sent by us.
We delete the data accruing in this context after the storage is no longer necessary or legal retention obligations or time limits according to the Financial Market Money Laundering Act have expired.
Newsletter
On our website you also have the option to subscribe to our newsletter. The newsletter is sent exclusively to e-mail addresses provided by interested parties themselves (Art 6 para 1 lit a DSGVO). In the event that the receipt of the newsletter is no longer desired, it can be unsubscribed at any time by clicking on the "unsubscribe" button at the end of each newsletter sent by us. The data collected for sending the newsletter will - unless otherwise provided by law and the data is not processed on the basis of a separate legal basis - be deleted again after any unsubscription.
Support cases
When you contact us, the data you provide (e.g.: e-mail address, name, telephone number) will be stored by us in order to answer your inquiry (Art. 6 para. 1 lit b DSGVO). We delete the data accrued in this context after the storage is no longer necessary and there are no legal retention obligations.
Business partners and suppliers
The provider processes personal data in the context of a business relationship with customers and suppliers for the following purposes:
- Communication with business partners about products, services and projects, e.g..e.g. processing of inquiries from a customer or supplier
- planning, implementation and administration of the business relationship between the provider and the business partner: processing of orders, collection of payments, for accounting and billing purposes, invoicing, deliveries
- order processing, e.g. as part of the KYC process
- compliance with legal requirements, e.g. tax law retention obligations
- Settlement of legal disputes, defense of legal claims, enforcement of existing contracts,
The following categories of personal data may be processed for the aforementioned purposes:
- Contact data such as name, title, address, telephone number, e-mail address, delivery address, invoice address
- Information whose processing is required in the context of a project or the handling of a contractual business relationship with the provider or which is provided voluntarily by contact persons
- Information from publicly available sources
The data provided by you are required to achieve the above-mentioned purposes and for the performance of the contract or necessary for the implementation of pre-contractual measures (Art. 6 para 1 lit b DSGVO). Without this data, the individual purposes described may not be achieved or we may not be able to conclude the contract with you.
Minors
It is pointed out that all processing of personal data may only be used by persons who have reached the age of 14. The use of our systems and tools and the resulting processing of the data of users under this age limit is prohibited without the consent of the parents/guardians. Should such data processing nevertheless occur, we will cease processing such data as soon as we become aware of it.
As a matter of principle, we do not enter into business relationships with minors.
Payment service providers
If you choose a payment service provider as part of the ordering process, you consent to us collecting the personal data necessary for processing the purchase and an identity and credit check and transmitting it to the payment service provider you have chosen.
We currently use the following payment service providers:
SOFORT, Klarna GmbH, Theresienhöhe 12, 80339 Munich, Germany. Contact: https://www.sofort.de/sofort-kontakt.html, Privacy Policy: https://www.sofort.de/datenschutz.html
Data transfer
For the purposes explained in the context of this privacy policy, we will transfer your (personal) data to third parties if necessary.
Our order processor to support customer verification on coinfinity.co is Onfido Limited, with the address 3 Finsbury Avenue, London EC2, 2PA,United Kingdom. The privacy policy of Onfido Limited can be viewed at https://onfido.com/privacy/.
Our order processors for the fulfillment of §6 FM-GWG are DataVendor GmbH with the address Heinrich-Kneissl-Gasse 18, 1140 Vienna and IVXS UK Limited with the address 86-90 Paul Street, London EC2A 4NE, United Kingdom. The privacy policy of IVXS UK Ltd. can be viewed at https://complyadvantage.com/privacy-notice/.
To send our newsletter, we use the newsletter service of HubSpot, which is operated by HubSpot Germany GmbH. HubSpot's privacy policy can be viewed here: https://legal.hubspot.com/de/privacy-policy.
Furthermore, personal data may be exchanged with our subsidiary Kurant GmbH in order to ensure the proper and efficient buying and selling of cryptocurrencies through mutual support measures. Both Coinfinity and Kurant use the data only within the scope of their respective operational or contractual purpose and only to the extent that this is indispensable to achieve this purpose.
Within our organization, those offices or Within our organization, your data will be disclosed to those departments or employees who need it to fulfill their contractual or legal obligations and for data processing based on our legitimate interests.
Cookies
Cookies are small files that enable specific information related to the device to be stored on the user's access device (PC, smartphone or similar). On the one hand, they serve the user-friendliness of websites and thus the users (e.g. storage of login data). We store information that is necessary for the operation of the website in cookies. However, these are not filled with personal data that could be read by third parties. Users can influence the use of cookies. You can set up your browser so that it informs you about the setting of cookies and you only allow this in individual cases. By refusing cookies in the browser or deleting them regularly, you can also prevent conclusions from being drawn about your behavior as a result. When deactivating cookies, the functionality of our website may be limited.
Use of plug-ins
Google services
We have concluded a contract with Google Ireland Limited ("Google"), a company registered and operated under Irish law (registration number: 368047) with its registered office in Gordon House, Barrow Street, Dublin 4, Ireland. Nevertheless, it may happen that data is transferred from Europe to the USA, over which, however, we as a company have no influence.
There is currently no adequacy decision by the EU Commission for the USA within the meaning of Article 45 (1), (3) of the General Data Protection Regulation (GDPR). This means that the EU Commission has not yet positively determined that the country-specific data protection level of this country corresponds to that of the European Union based on the GDPR (Article 46 suitable safeguards).
The GDPR requires so-called suitable safeguards for a data transfer to a third country or to an international organization, Article 46 (2), (3) GDPR. Such guarantees do not exist for the above-mentioned country of destination.
Possible risks that cannot currently be excluded for you as a data subject in connection with the above-mentioned information are in particular:
- Your personal data could possibly be passed on by Google USA to other third parties (e.g. US authorities) beyond the actual purpose of fulfilling the order.
- You may not be able to sustainably assert or enforce your rights of access against Google USA.
- There is a higher likelihood that your personal data will be transferred to a third party. There may be a higher probability that incorrect data processing may occur, as the technical organizational measures for the protection of personal data do not fully meet the requirements of the GDPR in terms of quantity and quality.
With your consent to the processing of (advertising and marketing) cookies, you explicitly consent to the transfer of data to the USA. You can revoke this consent at any time informally by e-mail. The data processing that took place before you revoked your consent is not affected by the revocation and is therefore legally compliant.
Legal basis: Art 6 para 1 lit a DSGVO
GoogleAnalytics
This website uses Google Analytics, a web analytics service. Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website such as:
- browser type/version,
- operating system used,
- referrer URL (the previously visited page),
- host name of the accessing computer (IP address),
- time of server request,
are usually transmitted to a Google server and stored.
The IP address transmitted by your browser as part of Google Analytics is recorded to ensure the security of the service and to provide us with information about which country, region or city our users come from. This is also referred to as IP location determination. In Google Analytics, collected IP addresses are anonymized using so-called IP masks.
On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
If Google Analytics has been implemented in apps or websites together with other Google advertising products such as Google Ads, additional advertising IDs may be collected. Users can deactivate this function in Google's advertising settings and change their settings for this cookie.
This website uses the function "Activation of IP anonymization" (i.e. Google Analytics has been extended by the code "gat._anonymizeIp();" to ensure anonymized collection of IP addresses (so-called IP masking)). This means that your IP address is shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the U.S. and shortened there.
According to Google, Google will use the information obtained to evaluate your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to us. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google. However, Google may transfer this information to third parties if this is required by law or if third parties process this data on behalf of Google. You can prevent the storage of cookies by selecting the appropriate settings on your browser software. However, we would like to point out that in this case you may not be able to use all functions of the websites to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the websites (including your anonymized IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link(https://tools.google.com/dlpage/gaoptout?hl=de).
For more information on terms of use and data protection, please visit https://www.google.com/analytics/terms/de.html or https://support.google.com/analytics/answer/6004245?hl=de.
HubSpot
Wir nutzen für unsere Online Marketing-Aktivitäten die Funktionen und Services von HubSpot unseres Dienstleisters HubSpot Germany GmbH (Unter den Linden 26, 10117 Berlin, Deutschland).
Wir haben einen Vertrag mit HubSpot Germany GmbH („HubSpot“), eine nach deutschem Recht eingetragene und betriebene Gesellschaft (Registernummer: 184578 B) mit Sitz in: Am Postbahnhof 17, 10243 Berlin abgeschlossen. Trotzdem kann es vorkommen, dass Daten aus Europa in die USA übermittelt werden, worauf wir als Unternehmen allerdings keinen Einfluss haben.
Für die USA besteht aktuell kein Angemessenheitsbeschluss der EU-Kommission im Sinne des Artikels 45 Abs. 1, 3 Datenschutzgrundverordnung (DSGVO). Das heißt, dass die EU-Kommission bislang nicht positiv festgestellt hat, dass das landesspezifische Datenschutzniveau dieses Landes dem der Europäischen Union aufgrund der DSGVO entspricht (Artikel 46 geeignete Garantien).
Die DSGVO setzt für eine Datenübermittlung in ein Drittland oder an eine internationale Organisation sogenannte geeignete Garantien voraus, Art. 46 Abs. 2, 3 DSGVO. Solche liegen für das o. g. Bestimmungsland nicht vor.
Eventuelle Risiken, die sich im Zusammenhang mit den vorgenannten Informationen aktuell für Sie als Betroffenen nicht ausschließen lassen, sind insbesondere:
- Ihre personenbezogenen Daten könnten möglicherweise über den eigentlichen Zweck der Auftragserfüllung hinaus durch HubSpot USA an andere Dritte (z. B.: US-amerikanische Behörden) weitergegeben werden.
- Sie können Ihre Auskunftsrechte gegenüber HubSpot USA möglicherweise nicht nachhaltig geltend machen bzw. durchsetzen.
- Es besteht möglicherweise eine höhere Wahrscheinlichkeit, dass es zu einer nicht korrekten Datenverarbeitung kommen kann, da die technischen organisatorischen Maßnahmen zum Schutz personenbezogener Daten quantitativ und qualitativ nicht vollumfänglich den Anforderungen der DSGVO entsprechen.
Mit Ihrer Zustimmung zur Verarbeitung von (Werbe- und Marketing) Cookies willigen Sie explizit in die Datenübermittlung in die USA ein. Sie können diese Einwilligung jederzeit formlos per E-Mail widerrufen. Die Datenverarbeitung, die vor dem Widerruf Ihrer Einwilligung stattgefunden hat, ist von dem Widerruf nicht betroffenen und damit rechtskonform.
Rechtsgrundlage: Art 6 Abs 1 lit a DSGVO
Facebook Pixel
Innerhalb dieser Website werden sog. „Facebook-Pixel“ des sozialen Netzwerkes Facebook, welches in Europa von der Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland betrieben wird („Facebook“), eingesetzt.
Mit Hilfe des Facebook-Pixels ist es Facebook möglich, die Besucher unseres Angebotes als Zielgruppe für die Darstellung von Anzeigen, sog. „Facebook-Ads“ zu bestimmen. Dementsprechend setzen wir das Facebook -Pixel ein, um die durch uns geschalteten Facebook-Ads nur solchen Facebook-Nutzern anzuzeigen, die auch ein Interesse an unserem Internetangebot gezeigt haben. Das heißt, mit Hilfe des Facebook -Pixels möchten wir sicherstellen, dass unsere Facebook-Ads dem potenziellen Interesse der Nutzer entsprechen und nicht belästigend wirken. Mit Hilfe des Facebook-Pixels können wir ferner die Wirksamkeit der Facebook-Werbeanzeigen für statistische und Marktforschungszwecke nachvollziehen, in dem wir sehen ob Nutzer nach dem Klick auf eine Facebook-Werbeanzeige auf unsere Website weitergeleitet wurden.
Der Facebook-Pixel wird beim Aufruf unserer Webseiten unmittelbar durch Facebook eingebunden und können auf Ihrem Gerät ein sog. Cookie, d.h. eine kleine Datei abspeichern. Wenn Sie sich anschließend bei Facebook einloggen oder im eingeloggten Zustand Facebook besuchen, wird der Besuch unseres Angebotes in Ihrem Profil vermerkt. Die über Sie erhobenen Daten sind für uns anonym, bieten uns also keine Rückschlüsse auf die Identität der Nutzer. Allerdings werden die Daten von Facebook gespeichert und verarbeitet, sodass eine Verbindung zum jeweiligen Nutzerprofil möglich ist. Die Verarbeitung der Daten durch Facebook erfolgt im Rahmen von Facebooks Datenverwendungsrichtlinie. Dementsprechend erhalten Sie weitere Informationen zur Funktionsweise des Remarketing-Pixels und generell zur Darstellung von Facebook-Ads, in der Datenverwendungsrichtlinie von Facebook: https://www.facebook.com/policy.php.
Sie können der Erfassung durch den Facebook-Pixel und Verwendung Ihrer Daten zur Darstellung von Facebook-Ads widersprechen. Hierzu können Sie die von Facebook eingerichtete Seite aufrufen und dort die Hinweise zu den Einstellungen nutzungsbasierter Werbung befolgen: https://www.facebook.com/settings?tab=ads oder den Widerspruch über die EU-Seite http://www.youronlinechoices.com/ erklären. Die Einstellungen erfolgen plattformunabhängig, d.h. sie werden für alle Geräte, wie Desktopcomputer oder mobile Geräte übernommen.
We have concluded a contract with Facebook Ireland Ltd. ("Facebook"), a company registered and operated under the laws of Ireland (registration number: 462932) with its registered office at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Nevertheless, it may happen that data is transferred from Europe to the USA, over which, however, we as a company have no influence.
There is currently no adequacy decision by the EU Commission for the USA within the meaning of Article 45 (1), (3) of the General Data Protection Regulation (GDPR). This means that the EU Commission has not yet positively determined that the country-specific data protection level of this country corresponds to that of the European Union based on the GDPR (Article 46 suitable safeguards).
The GDPR requires so-called suitable safeguards for a data transfer to a third country or to an international organization, Article 46 (2), (3) GDPR. Such guarantees do not exist for the above-mentioned country of destination.
Possible risks that cannot currently be excluded for you as a data subject in connection with the above-mentioned information are in particular:
- Your personal data could possibly be disclosed by HubSpot USA to other third parties (e.g. US authorities) beyond the actual purpose of fulfilling the order.
- You may not be able to sustainably assert or enforce your rights to information vis-à-vis HubSpot USA.
- There is a higher likelihood that your personal data will be disclosed to third parties. There may be a higher probability that incorrect data processing may occur, as the technical organizational measures for the protection of personal data do not fully comply with the requirements of the GDPR in terms of quantity and quality.
With your consent to the processing of (advertising and marketing) cookies, you explicitly consent to the transfer of data to the USA. You can revoke this consent at any time informally by e-mail. The data processing that took place before you revoked your consent is not affected by the revocation and is therefore legally compliant.
Legal basis: Art 6 para 1 lit a DSGVO
Data subject rights
You have the following rights vis-à-vis us with regard to the personal data concerning you:
- Right to information, correction and deletion
- Right to restriction of processing
- Right to object to processing
- Right to data portability
You also have the right to complain to the supervisory authority, which is the Austrian data protection authority:
Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Contact for Data Protection
For data protection questions, notifications or requests, please use the following contact address:
Coinfinity GmbH
Griesgasse 10
8020 Graz, Austria
Phone: +43 316 711 744
Email: datenschutz@coinfinity.co