AVG/GDPR - Data privacy rules
We find data privacy very important and explain what we do with your data. We use data to verify if you are the owner of the account. We use data to send you email to inform you about relevant information regarding your account with us. We submit data, related to the action needed, to our banks to execute transactions. We only share your data when absolutely necessary, and we will inform you about it. Data stored: username, password, email, bank information, offered goods, information related to your transactions and passport information for in case you send/receive significant amounts. Which is required by law. We don't provide information to anyone and personal data is stored in the EU zone. We use encryption to safely store your information and encryption to send/receive information from you. It is not possible to send/receive unencrypted information from us, this does not apply to email. If you want to see the information we store about you, then send a support email/ticket, we will send it to you. If you want us to delete your information we can do this after the taxation terms of seven years (NL). We don't remove any data, and we will not delete your account, when it has credit. If it is an empty account with no credit (but with past transactions), then we delete your account after seven years from the last activity. We do set the account to inactive.
Locations of data: a cloud provider located in EU, they store your personal data on their storage disks in EU, encryption is applied by us, banks have your bank information in case you sent us money or we sent you money. Paypal has data from you, when we sent you a payout via Paypal. Payeer has data in case a payout was sent via Payeer. Your email provider has data regarding your account (username, email address, when receiving/sending transactions), when we sent you an email. We are planning to use an external party to send you emails, for this we will need to share your email address with them.
If you do not agree to the above, or you have questions on the above text please let us know. We take it that you want to do business with us and so you agree with the above.
Data exposure: API calls with valid account information like your API key, expose data like e.g. transaction history, please be careful when sharing your API key. Your shopname is exposed publicly, as well as your address information, in case you are using our market functionality. If you have enabled SocialPage, then your social (media) information is publicly shared. If you share information in our site chat functionality, then that is readible publicly as well. It is also publicly available which crypto currencies you accept, but limited to only your merchantID. We do not share your shop information. We also use: cloudflare (raw traffic), recaptcha (check if you are a robot), tinyurl (url shortener), freshdesk (support desk), google site analytics (measure website visitors), gmail (spam detection filter & automation) and googleapis (to generate images from text).
Compliance review cycle
Due to compliance and regulatory requirements we work with an account label (verified and unverified). If you are verified it means your account information has been flagged for inclusion into the audit cycle. The compliance team will review your account and may ask for additional information to satisfy the internal auditor. Please note that while your account is in unverified status no pay out of fiat money and modern currency is possible. This is in place for all services, AML/KYC.
Trusted support staff is allowed to access your data for support purposes and is not allowed to expose any content in any case. We will not ask for any identity paper upfront. Signup is anonymous, you may receive funds, however in order to send funds out we do ask you to fill in your Payout details and become verified. You are accountable for the administration with your local chamber of commerce and take full accountability for your business. If we find out your business is doing illegal activities, including but not limited to: selling drugs and copyright infringement we have the right to close your account. We will ask you to stop your activities. Your funds are still yours, unless we get an order from authorities to confiscate. The governmental bodies are leading in this and we comply to the law at all times, as maybe expected from us. We will not expose or close your account if somebody requests us without valid court ruling. In all cases we hold true to our slogan: "currency payment provider you can trust", we will return your funds as they are yours and you trust us to do a good job. We take your privacy seriously.
We hold the right to send you email regarding your business engagement with us and to inform you on the status of scheduled server down times, but also to inform you on new service offerings.
Crypto coin market
Usage is at own risk, we recommend to first get in contact with the merchant before making a purchase. This so that in case of any issues you have a trail through which you can inform local authorities. Offerings are not hard offerings until agreement between Merchant and Buyer is reached. Nobody can be held accountable on pricing before written email confirmation is achieved. The market is not a typical escrow service, coins paid can immediately be transferred upon arrival.
The autonomy functionality is provided as is, we have no control over self-hosted wallet servers and our liability is discarded for those types of servers. On dedicated managed and our Secure Cloud platform Cointopay International B.V. is accountable for the funds.
Cold storage is offered with and without insurance. Your funds are physically removed from our wallets and placed onto USB stick and sealed paper backup. They are placed inside a vault type housing at a remote location and the amount is removed from the wallet and is placed under contract in the account section. We offer free cold storage relocations per year incl. 2 times to the cold storage facility and 2 times back within the same contract. There is one type of year contract. After the contract is expired the value will be returned to the wallet. We recommend to use the T-Zero functionality to place funds into Cold Storage, to perform this login to the site to make transfer with existing credit balance.
In case you find an error we appreciate to receive your comments so we can correct any issue. We also expect that the site is not misused explicitly by trying to bring it down via DDOS attacks. If you are angry about something holding down F5 will not help, please talk to us about it, it starts with an email.
We take full care of the hosting wallets in our Secure Cloud incl. security, maintenance and support, there are some items to take note of:
1) We are not responsible for wrong usage of our wallet, when receiving funds, we work with payment windows. If payments are made outside of the payment window there is zero accountability. How to take care no issues arise: (recommend to) pay with the optimal miner fee of the currency of choice and (advise to) make the payment within 5 minutes after address generation.
2) We have no accountability and liability regarding your funds, you make use of our services at your own risk. In any case! Cold storage is a risk mitigation measurement to avoid loss of assets and we can provide that at an additional fee.
3) The following fees apply:
- When accepting crypto we take 1 percent plus the applicable miner fee (different per currency).
- When converting crypto we have a dynamic fee, which usually ranges from 5- to 21 percent, depending on market conditions.
- When you buy crypto from us with FIAT we apply a dynamic fee as well (see above). If there is a time gap between the check out and the moment of receiving of the fiat funds we have the right to adjust the crypto amount to the rates applicable at that moment.
- For a payout to fiat currency we charge a dynamic fee as well, there is no right to money back if the amount received is not acceptable.
Please note: in the past we have had some bad experiences regarding the above, the text is merely to provide us sufficient legal coverage in case of legal attacks.
Right to say no
We hold the right to say no at all times. E.g. if you expect us to give priority service to individuals. All customers are equal unless additional business agreements have been made with the representatives of Cointopay International B.V.