- General
- Applicability
- Minors
- Responsible Person
- Data categories and sources
- Purposes and legal bases for processing data
- Special categories of personal data
- Recipients of personal data
- International data transfer
- Social media
- Newsletters
- Retention and deletion periods
- Rights of data subjects
- Objection to advertising
- Automated decisions
- Processing for other purposes
- Supervisory authority
- Declaration of consent
- Data security
- Update to this privacy statement
- Contact
Privacy statement
last updated on 24.11.2025
For 21bitcoin, data protection and transaction security have the highest priority during business operations. 21bitcoin is a service of FIOR Digital GmbH (hereinafter referred to as FIOR).
FIOR values the trust that you place in us as a customer when trading Bitcoin on our platform. For this reason, data protection and data security are central cornerstones for FIOR when providing its services. It's very important to us that you feel safe using our platform and services, and doing anything else you do with us.
As soon as you use FIOR products and services, you entrust us with your personal data. We want to give you the best experience with our platform so you can enjoy using our products and services now and in the future. That is why we also want to understand user behavior on our platform in order to continuously improve it. In addition to our services, it is also necessary to process your personal data for such activities.
With this privacy policy, we would therefore like to inform you transparently and in detail about what personal data we collect from you, how we process it and to whom we transfer it. In addition, we would like to inform you about what precautions we take to protect your personal data, what rights you have in this context and who you can contact if you have questions about data protection law. With regard to the terms used in this privacy policy, such as “processing” or “responsible person,” we refer to the definitions of GDPR.
General
FIOR offers services and products related to buying and selling Bitcoin via the website 21bitcoin.app and the mobile application ("mobile app") (hereinafter together referred to as "webpage" or "platform").
FIOR, based in Rottweg 66, 5020 Salzburg, Austria, registered in the commercial register of the Salzburg Regional Court under FN 556789h, is the provider of the platform and is responsible for trading Bitcoin on it.
Our data protection officer can be reached via heyData GmbH, Schützenstraße 5, 10117 Berlin, www.heydata.eu, E-Mail: datenschutz@heydata.eu.
1. Applicability
Who does this privacy statement apply to?
This privacy policy applies to all persons who use FIOR's services, the website and the mobile app or otherwise interact with FIOR (e.g. business partners, prospects, service providers, etc.); in general, this person is referred to as “customer” or “you” below.
2. Minors
Are minors allowed to use FIOR services?
No, FIOR's products and services are not aimed at people under 18 years of age. Only persons of legal age may use FIOR services and register on the platform. Therefore, to the best of our knowledge, we do not collect any personal data from minors. So if you are under 18 years of age, please do not use our platform and do not submit any personal data to us.
3. Responsible person
Who is responsible for data processing and who can I contact?
FIOR is aware that the protection and careful handling of your personal data is very important. FIOR uses the personal data you provide exclusively in accordance with the applicable data protection laws in this privacy policy and with your consent.
If you have any questions regarding the processing of your personal data and the exercise of your rights under the GDPR, you are welcome to contact our data protection team: privacy@fior.digital. Please note that for certain inquiries, we need further identification information from you (e.g. passport, identity card, etc.) to ensure that your personal information is only shared with you.
4. Data categories and sources
Which of my personal data is processed and from which sources does this data come?
We process the personal data that we receive from you as part of the business relationship and use of our website. In addition, data from credit agencies, debtor registers, providers of business analyses and publicly available sources (e.g. commercial register, register of associations, land register, media, sanction lists) can be processed.
When using FIOR services or otherwise interacting with FIOR, the following of your personal data may be processed:
- Contact details: When creating a new user account or communicating with FIOR, we can process, for example, name, address, telephone number, email address, date of birth, etc.
- Verification data: When an account is verified, although this also depends on the level of verification, screenshots of national identity documents and the identification data from these documents, verification videos for the confirmation of identity, information on the verification of residence, data on the status of politically exposed persons can be processed
- Financials: Bank details (IBAN, BIC), payment service provider information, payment data, transaction ID, etc. can be processed as part of transactions made
- Log data: As part of activities on our website, for example, IP address, computer or mobile device information, operating system, browser type, device type, unique device identification number, identification cookies (e.g. for the referral program), optional form data, third-party cookies, etc. may be processed.
- Mobile app data: When you use the mobile app, we can process, for example, IP address, transaction data, deposit and withdrawal address, mobile device information, frequency, time, operating system, browser type, device type, unique device identification number, optional form data, crash reports, link tracking, performance data and, only with your express consent, data from: camera, microphone, submitted files, telephone (SMS) confirmation
- Information and proof of source of funds: If proof of the source of funds is required, we can process, for example, account statements or other evidence prepared by banks or financial institutions, purchase contracts or contracts in general or other suitable data to prove or determine the source of funds if the day/monthly or general amount limits of FIOR are exceeded or if an upgrade to 21Private “OTC Service” takes place. To determine the purpose of using the above services or the volume of trade, additional information about current, past or planned business or personal activities of private customers or other data to determine the client's intentions may be processed at the request of FIOR or by the customer
- Support inquiries: When you contact our support, for example, the personal data provided to the support team as part of the request may be processed
- Marketing data: When you visit our website or social media sites (such as the Instagram company page) or use the mobile app, statistical and marketing data such as: number of visitors, frequency, clicks, time, locations, target groups, data from cookies and similar technologies (pixels, clear GIFs, etc.), consumer behavior, interests and preferences, data about market research and target group surveys, etc. can be processed; with regard to social media, see also point 11
- Photo, video and audio data: When we participate in events or trade fairs or organize such events ourselves or conduct interviews with people, we can take photographs and other recordings of them and process photo, video and audio data. However, we will always inform you separately about such recordings
- Application data: If you apply for a job on our website or via LinkedIn, we can process the data necessary for the hiring process, such as contact details, curriculum vitae, qualifications, police clearance, credit report, national identification documents such as passport, driver's license and the data from all of these documents, links to your portfolio or social media platforms, etc.
5. Purposes and legal bases for processing data
For what purposes and on which legal basis is my personal data processed by FIOR Digital?
All data processing at FIOR is carried out in accordance with the GDPR and the Austrian Data Protection Act (DSG). We always process your personal data on the basis of at least one of the legal bases set out below. If we ask you to provide further personal data not listed above, you will be notified of the purpose and legal basis for collecting and processing this data at the time of collection.
5.1 To fulfill contractual obligations (Article 6 (1) (b) GDPR)
The processing of personal data may be necessary to fulfill contractual or pre-contractual obligations towards you. The following data processing processes are, for example, covered by such a contractual obligation:
- Overall delivery of our services, including all tasks required to operate, deliver and manage FIOR and the platform
- Account management (e.g. continuous updating of customer data)
- Fulfilling your orders (e.g. payment processing, chargebacks, proof of purchase and sale)
- Implementation of the “referral program”
- Customer service and support inquiries (e.g. contact due to complications, intercom)
- Authentication process when you register and verify an account on our website (identity verification)
- Analyzing and improving the quality and general user experience of our website (e.g. using performance tracking on our platform)
- Data security and IT security on our website and security of our network (e.g. protection against identity theft and against incorrect or suspicious access to our websites)
- Application process for new employees
5.2 To comply with legal obligations (Article 6 (1) (c) GDPR)
The processing of personal data may also be necessary to fulfill various legal obligations (e.g. FM-GwG, MiCAR, DORA, WiEReG, etc.). The following data processing processes are, for example, covered by such legal obligations:
- Contract management, bookkeeping and invoicing
- Compliance and risk management
- Know-your-customer measures such as authentication process (identity verification) and verification of the source of funds
- Monitoring to combat fraud, misuse (e.g. for illegal purposes), money laundering, terrorist financing and bypassing of sanctions
- Information as required by an official order as part of financial criminal proceedings or for general prosecution
- Consultation of credit institutions to identify credit and default risks, etc.
5.3 To protect legitimate interests (Article 6 (1) (f) GDPR)
If necessary, data may be processed by FIOR or a third party in addition to fulfilling a contract to protect the legitimate interests of FIOR. The following data processing operations are, for example, affected by such a legitimate interest:
- Prevention of fraud, misuse (e.g. for illegal purposes), money laundering, terrorist financing and bypassing of sanctions
- Risk management and risk minimization, e.g. through inquiries to credit agencies, debtor registers or providers of business analyses
- Identifying and verifying potentially erroneous or suspicious business cases and accesses to our websites or applications
- Account management and processing of general customer inquiries
- Measures to protect our customers and partners and to secure the network and information; including measures to protect our employees and FIOR property, e.g. video surveillance (72 hour deletion cycle) and measures taken by external data centers and service providers
- Handling inquiries from authorities, lawyers, collection agencies as part of legal prosecution and enforcement of legal claims in the context of court proceedings
- Market research and development of services and products
- Processing of statistical data, performance data and general market research data via the website, mobile app or social media platforms (e.g. X, Instagram, LinkedIn, YouTube, etc.)
- Processing customer preferences (e.g. language, region) using cookies on our website
- Direct marketing and advertising (e.g. implementation of marketing strategies, customer contact, sending vouchers and advertising from FIOR and its partner companies)
- Use of audio, video and photo data from public spaces (e.g. public events, trade fairs, etc.) for marketing and other representation purposes on our social media channels or website
- Review of referral program performance
5.4 Based on consent (Article 6 (1) (a) GDPR)
If you have given us your consent to process your personal data, the processing will only take place for the purposes set out in the declaration of consent and to the extent agreed therein. Any consent you have given can be withdrawn at any time without giving reasons and with effect for the future if you no longer agree to the processing. For example, with your consent, we process data for the following purposes:
- For using all functions of the mobile app (e.g. device permission, camera to scan QR codes, etc.)
- Direct marketing and advertising (e.g. customer satisfaction surveys, newsletters, competitions and other promotional communications, etc.)
- Analysis and tracking on our website for advertising purposes
- Certain uses of audio, video and photo data (e.g. advertising films, interviews, etc.) for marketing and other representation purposes via various channels
- Automated authentication process when you verify yourself (identity verification)
- Application management system, recruitment process and processing of your application (e.g. voluntary storage of applicant data for 2 years, data transfer from your social media account when using the “Apply with LinkedIn” tool, see also point 11)
6. Special categories of personal data
Does FIOR process special categories of personal data?
No, FIOR does not process any special categories of personal data from customers. This includes data that reveal racial and ethnic origin, political opinions, religious or ideological convictions or trade union membership, as well as genetic and biometric data (Article 9 (1) GDPR).
7. Recipients of personal data
Who receives my personal data?
The protection and confidentiality of your personal data is very important to FIOR Digital. For this reason, we only transfer your personal data to the extent described below or as part of an instruction at the time your data is collected. We neither sell nor otherwise share your personal data with third parties for money.
7.1 Data transfer to public bodies and institutions
Your personal information may be transferred to public bodies or institutions (I) if we are required to do so by law or as part of legal proceedings, (II) if we believe that disclosure is necessary to prevent damage or financial loss, or (III) if it is related to an investigation of suspected or actual fraudulent or illegal activity.
7.2 Data transfer to third parties
Joint responsibility: If FIOR acts as a joint controller together with other parties, we may provide these third parties with personal data, and the processing is always based on at least one of the legal bases set out in point 7 above. In addition, in the case of joint responsibility, we only transfer your personal data on the basis of a sufficient agreement with the other responsible parties (Art 26 GDPR).
Other third parties: FIOR may transfer your personal data to other third parties with your consent for disclosure or for the purpose of fulfilling the contract or at the request of the customer even before the contract is concluded.
7.3 Data transfer to service providers
To a limited extent, we also transfer personal data to contract processors who provide services for us. Contract processors may only use or share this data to the extent necessary to provide services for FIOR or to comply with legal requirements. We contractually oblige such processors to ensure the confidentiality and security of your personal data that they process on our behalf.
8. Data processing on our website
8.1 Notice for website visitors
We store information on users’ devices (e.g., cookies) and access information already stored (e.g., IP addresses) via our website (or app). The specific types of information involved are described in the following sections.
- Strictly Necessary Storage and Access
Where storage or access is strictly necessary for us to provide a service expressly requested by the user (e.g., for the technical provision of a chatbot or to ensure IT security of the website/app), we rely on the applicable national legislation implementing the ePrivacy Directive (2002/58/EC), as well as Article 6(1)(f) GDPR (legitimate interests) or Article 6(1)(b) GDPR (performance of a contract), where appropriate.
- Consent-based Storage and Access
In all other cases (particularly for technologies used for analytics, statistics, or marketing), storage or access takes place only after the user has given explicit consent, in line with the relevant national provisions implementing the ePrivacy Directive (e.g., cookie consent) and Article 6(1)(a) GDPR (consent). Users can withdraw their consent at any time with future effect, for example via our cookie settings or within the app settings.
- Subsequent Data Processing
Any further processing of personal data collected via these technologies is carried out according to the General Data Protection Regulation (GDPR) and in line with the purposes described in this document (e.g., analytics, marketing, improving our services).
8.2 Informative use of our website
During the informative use of the website, i.e. when site visitors do not separately transmit information to us, we collect the personal data that the browser transmits to our server in order to ensure the stability and security of our website. This is our legitimate interest, so that the legal basis is Art. 6 para. 1 s. 1 lit. f GDPR.
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Website from which the request comes
- Browser
- Operating system and its interface
- Language and version of the browser software
8.3 Web hosting and provision of the website
Our website is hosted by Webflow. The provider is Webflow, Inc., 398 11th St., Floor 2, San Francisco, CA 94103, USA. In doing so, the provider processes the personal data transmitted via the website, e.g. content, usage, meta/communication data or contact data in the USA. Further information can be found in the provider's privacy policy at https://webflow.com/legal/eu-privacy-policy.
It is our legitimate interest to provide a website, so the legal basis of the described data processing is Art. 6 para. 1 s. 1 lit. f GDPR.
The legal basis for the transfer to a country outside the EEA is an adequacy decision. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed because the EU Commission has decided as part of an adequacy decision in accordance with Art. 45 para. 3 GDPR that the third country ensures an adequate level of protection.
We use the content delivery network Cloudflare for our website. The provider is Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA. The provider thereby processes the personal data transmitted via the website, e.g. content, usage, meta/communication data or contact data in the USA. Further information can be found in the provider's privacy policy at https://www.cloudflare.com/privacypolicy/.
We have a legitimate interest in using sufficient storage and delivery capacity to ensure optimal data throughput even during large peak loads. Therefore, the legal basis of the described data processing is Art. 6 para. 1 s. 1 lit. f GDPR.
The legal basis for the transfer to a country outside the EEA is an adequacy decision. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed because the EU Commission has decided as part of an adequacy decision in accordance with Art. 45 para. 3 GDPR that the third country ensures an adequate level of protection.
8.4 Vacant positions
We publish vacant positions on our website, on pages linked to the website or on third-party websites.
The processing of the data provided as part of the application is carried out for the purpose of implementing the application process. Insofar as this is necessary for our decision to establish an employment relationship, the legal basis is Art. 88 para. GDPR. We have marked the data required to carry out the application process accordingly or refer to them. If applicants do not provide this data, we cannot process the application.
Further data is voluntary and not required for an application. If applicants provide further information, the basis is their consent (Art. 6 para. 1 s. 1 lit. a GDPR).
We ask applicants to refrain from providing information on political opinions, religious beliefs and similarly sensitive data in their CV and cover letter. They are not required for an application. If applicants nevertheless provide such information, we cannot prevent their processing as part of the processing of the resume or cover letter. Their processing is then also based on the consent of the applicants (Art. 9 para. 2 lit. a GDPR).
Finally, we process the applicants' data for further application procedures if they have given us their consent to do so. In this case, the legal basis is Art. 6 para. 1 s. 1 lit. a GDPR.
We pass on the applicants' data to the responsible employees in the HR department, to our data processors in the area of recruiting and to the employees otherwise involved in the application process.
If we enter into an employment relationship with the applicant following the application process, we delete the data only after the employment relationship has ended. Otherwise, we delete the data no later than six months after rejecting an applicant.
If applicants have given us their consent to use their data for further application procedures as well, we will not delete their data until one year after receiving the application.
8.5 Third parties
8.5.1 Google Analytics
We use Google Analytics for analytics. The provider is Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The provider processes usage data (e.g. web pages visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the USA.
The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR. The processing is based on consent. Data subjects may revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.
The transfer of personal data to a country outside the EEA takes place on the legal basis of an adequacy decision. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed because the EU Commission has decided as part of an adequacy decision in accordance with Art. 45 para. 3 GDPR that the third country ensures an adequate level of protection.
The data will be deleted when the purpose for which it was collected no longer applies and there is no obligation to retain it. Further information is available in the provider's privacy policy at https://policies.google.com/privacy?hl=en-US.
8.5.2 Google Tag Manager
We use Google Tag Manager for analytics and for advertising. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g. web pages visited, interest in content, access times) in the USA.
The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR. The processing is based on consent. Data subjects may revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.
The transfer of personal data to a country outside the EEA takes place on the legal basis of an adequacy decision. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed because the EU Commission has decided as part of an adequacy decision in accordance with Art. 45 para. 3 GDPR that the third country ensures an adequate level of protection.
We delete the data when the purpose for which it was collected no longer applies. Further information is available in the provider's privacy policy at https://policies.google.com/privacy?hl=en-US.
8.5.3 Tally
We use Tally for our interactive forms on our website. The provider is Tally BV, August Van Lokerenstraat 71, 9050 Ghent, Belgium. The provider processes identification/communication data (e.g. electronic identification data, form data). The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR. The processing is based on consent. Data subjects may revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.
The data will be deleted when the purpose for which it was collected no longer applies and there is no obligation to retain it. Further information is available in the provider's privacy policy at https://tally.so/help/data-processing-agreement?utm_source=chatgpt.com
9. Data processing in the app
9.1 Downloading the app
Our app is available for download from the Apple App Store and Google's Play Store (hereinafter "Stores"). When users download the app, the necessary information is transmitted to the Stores, in particular e-mail address, time of download, payment information and the individual device identification number. We have no influence on this data collection and are not responsible for it. We process the data only insofar as it is necessary for downloading the mobile app to the user's mobile device.
Users can also download this mobile app directly to their mobile device via our website. When downloading, further user data is processed via the website; we provide information about this in the privacy policy of our website.
9.2 Hosting
Our app is hosted by AWS. The provider thereby processes the personal data transmitted via the app, e.g. on content, usage, meta/communication data or contact data. It is our legitimate interest to provide an app, so that the legal basis of the data processing is Art. 6 para. 1 s. 1 lit. f GDPR.
The provider hosts the app on servers in Ireland.
9.3 Informative use of our app
When users use our app, we collect the data that is technically necessary for us to offer users the functions of our app and to ensure stability and security. This is our legitimate interest, so that the legal basis is Art. 6 para. 1 s. 1 lit. f GDPR.
The data processed to this extent are:
- IP address
- Date and time of the request
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (concrete interface)
- Access status/HTTP status code
- Amount of data transferred in each case
- Operating system and its interface
- Language and version of the operating system
9.4 Access to functions or data
The app requests the user's access to functions of the end device or to data of the device in order to be able to execute functions of the app. By allowing access, the user gives consent to the associated data processing, so that the legal basis is Art. 6 para. 1 s. 1 lit. a GDPR. Users can revoke their consent at any time by terminating access in the settings of their end device. The revocation does not affect the lawfulness of the processing until the revocation.
The data processed or access functions used in this respect are:
- Camera and microphone
- OS built-in functions
9.5 Data processing for the provision of functions
In the app, we process data in order to provide the user with functions of the app. The legal basis for the processing is the usage agreement concluded with the user via the app.
The data processed to this extent are:
- Location and Universal Unique Identifier of the endpoint device (UUID)
9.6 User account
Users can open a user account in the app. We process the data requested in this context to fulfill the respective user contract concluded for the account, so that the legal basis for the processing is Art. 6 para. 1 s. 1 lit. b GDPR. We delete the data when users delete their user account.
9.7 Processing of ID Card Data
As part of the identity verification or age verification process, users may present their ID card data. These data are processed solely for the purpose of conducting the relevant queries. The processing is based on the fulfillment of a legal obligation or contractual necessity (Art. 6(1) sentence 1 lit. c or b GDPR). Data is stored only if necessary for the fulfillment of the purpose and will be deleted immediately after the verification or query is completed.
9.8 Crypto-Asset Services
We offer the ability to trade, transfer and custody crypto-assets via our app. During the transaction process, we involve external service providers who only receive the personal data necessary to deliver their respective services. This data processing is carried out for the purpose of fulfilling the contract concluded with users (Article 6(1)(b) GDPR).
9.9 Third-party tools
To ensure effective and legally compliant operations, we use a range of third-party tools. Below is a list of the areas in which the tools are used and the legal basis on which the data is processed.
9.9.1 Processing on the basis of Art. 6 para. 1 s. 1 lit. a GDPR
- Analytics - Processing of meta/communication data (e.g. device information, IP addresses)
The data will be deleted when the purpose for which it was collected no longer applies and there is no obligation to retain it.
9.9.2 Processing on the basis of Art. 6 para. 1 s. 1 lit. b GDPR
- Identity checks of Client - Processing of personal identification data (e.g. ID documents, biometric data) and meta/communication data (e.g. device information, IP addresses)
The data will be deleted when the purpose of its collection no longer applies and there is no obligation to retain it.
9.9.3 Processing on the basis of Art. 6 para. 1 s. 1 lit. c GDPR
- Blockchain transaction analysis - Processing of Transaction data and meta/communication data (e.g. IP addresses)
- Compliance with regulatory requirements in the area of financial transactions - Processing of financial transaction data and meta/communication data (e.g. IP addresses)
The data will be deleted when the purpose of its collection no longer applies and there is no obligation to retain it.
9.9.4 Processing on the basis of Art. 6 para. 1 s. 1 lit. f GDPR
- Hosting - Processing of usage data (e.g. web pages visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses)
- Application security - Processing of content data (e.g. entries in online forms) and meta/communication data (e.g. device information, IP addresses)
- Email services, document management and team communication - processing of content data (e.g. emails, documents) and meta/communication data (e.g. IP addresses, device information)
- Internal workflows - processing of Content data (e.g. tickets, comments) and meta/communication data (e.g. IP addresses)
- Customer communication and support - processing of meta/communication data (e.g. IP addresses, device information)
- System performance monitoring and error analysis - processing of meta/communication data (e.g. log files, IP addresses, device information)
- Telephone customer communication - processing of communication data (e.g. call data, call recordings) and meta/communication data (e.g. IP addresses, telephone numbers)
- Collection and management of customer feedback - processing of content data (e.g. feedback contributions) and meta/communication data (e.g. IP addresses)
- Internal documentation and collaboration - processing of content data (e.g. notes, documents) and meta/communication data (e.g. IP addresses)
- Anti-money laundering and fraud prevention - processing of content data (e.g. transaction details) and meta/communication data (e.g. IP addresses, device information)
The data will be deleted when the purpose of its collection no longer applies and there is no obligation to retain it.
9.9.5 Transfer of data outside of the EEA
In certain cases, data is also processed by third-party service providers outside the EEA. Processing is carried out on various legal bases:
- The legal basis for the transfer to a country outside the EEA is an adequacy decision. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed because the EU Commission has decided as part of an adequacy decision in accordance with Art. 45 para. 3 GDPR that the third country ensures an adequate level of protection.
- The legal basis for the transfer to a country outside the EEA is the standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR. The security of the data transferred to the third country is guaranteed because the third-party service provider has undertaken to comply with these clauses.
10. International data transfer
Will my data be transferred to third countries or international organizations?
Your personal information may be viewed, transferred to, and/or stored by employees or service providers outside the country in which you are currently located, and the data protection laws of such countries may be of a lower standard than those in the European Union. However, FIOR will protect personal data in accordance with this privacy policy under all circumstances.
If personal data is processed in a third country (outside the European Union (EU) or the European Economic Area (EEA)), or if this is done in connection with the use of third-party services or the disclosure and/or transfer of personal data to third parties, this is only done to the extent necessary to fulfill our (pre-)contractual obligations, on the basis of consent or a legal obligation, or to protect legitimate interests. Subject to legal or contractual approvals, we only process personal data in a third country if the conditions of Art. 44 ff. GDPR are met. This means, for example, that the processing and transfer is carried out on the basis of special protective measures, such as in compliance with a code of conduct or a certification mechanism together with the binding and enforceable obligation of the recipient in the third country to comply with the appropriate data protection measures and to comply with officially recognized special contractual obligations of the European Commission (so-called “standard contractual clauses”).
If you need more information regarding international data transfers, or if you would like a copy of the specific security measures for exporting your personal data, feel free to contact privacy@fior.digital.
13. Retention and deletion periods
How long will my personal data be processed (stored) and when will it be deleted?
If necessary, we store your personal data for the duration of the entire business relationship (from initiation to performance to termination of a contract) and in principle for 1 year after the end of the business relationship. In addition, we only store your data for a longer period of time, as part of legal storage and documentation obligations, to defend against legal claims or with your express consent.
The storage periods for data result from the legal storage periods or limitation periods. According to the Companies Code (UGB) and the Federal Tax Code (BAO), this is 7 years, according to the Financial Market Money Laundering Act (FM-GWG) 10 years, under the Equal Treatment Act (GIBG) half a year, under MiCAR 5 years and in certain cases between 3 and 30 years according to ABGB, e.g. when data is required as evidence of legal disputes or as long as there are other legitimate interests in storage.
Unless otherwise expressly stated in this privacy policy, the personal data processed by us will be deleted as soon as it is no longer required for its processing purpose and the deletion does not conflict with any other legal storage requirements.
14. Rights of data subjects
What rights and options do I have regarding my data under the GDPR?
Right to information: You have the option to request confirmation as to whether we process your personal data. If we process personal data about you, you have the right, within a reasonable period of time, to receive information from us about the personal data we have stored about you and to receive a copy of the processed data.
Right to rectification: You have the right to request that incorrect personal data concerning you be corrected. With regard to the purposes of processing, you also have the right to have incomplete personal data completed, including through a supplementary statement from you.
Right to delete:
You have the right to request that FIOR delete your personal data if one of the following reasons applies and no further processing of this data is necessary:
- The personal data is no longer required for the purposes for which it was collected
- You have withdrawn your consent on which the processing is based and there is no other legal basis or overriding legitimate interest in the processing
- The personal data was processed unlawfully; or
- The deletion of personal data is necessary to comply with a legal obligation under Union law or the law of the Member State to which the person responsible is subject
Requests for deletion of personal data must state the corresponding reason (Article 17 (1) GDPR).
Right to restrict processing:
You have the right to ask us to restrict processing if one of the following conditions is met:
- You dispute the accuracy of the personal data (the restriction is for a period of time that enables FIOR to verify the accuracy of the data)
- The processing of your data was unlawful and you object to the deletion of the data and instead request that their processing be restricted
- FIOR no longer needs your personal data for processing purposes, but you still need them to assert, exercise or defend legal claims; or
- You have objected to the processing of your personal data and it has not yet been determined whether FIOR's legitimate reasons outweigh yours
Right to data portability:
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format. You can also request that we transfer this data directly to a controller designated by you, insofar as this is technically feasible and does not adversely affect the rights and freedoms of others. The right to data portability can only be exercised if the basis of the processing is either your consent or a (pre-)contractual necessity and the processing was carried out by automated means. The right to data portability does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right to object:
You have the right to object at any time to the processing of your personal data where it is based on our legitimate interests. If you have objected to the processing, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims. The objection does not affect the lawfulness of the processing of your personal data based on legitimate interests that took place before your objection.
Contact:
To exercise any of the rights mentioned above, you can send an e-mail to privacy@fior.digital. Please note that we require further identification data from you for such requests (e.g. passport, identity card, etc.) to ensure that your personal data is only disclosed to you.
15. Objection to advertising
How can I object to the processing of my data for advertising purposes?
You can also object to any use of your personal data for advertising purposes. If you would like to object in principle to the processing of your data for advertising purposes, please contact us by e-mail at privacy@fior.digital. The objection has no influence on the lawfulness of the processing of your personal data based on legitimate interests that took place even before your objection.
Please note, however, that such an objection is made only to FIOR and that, even after such an objection, you may still receive advertising about FIOR from other providers on other websites over which we have no influence.
16. Automated decisions
Does FIOR Digital use my personal data for automated decision-making, including profiling?
FIOR Digital does not use personal data for automated decision-making processes, including profiling within the meaning of Art 22 GDPR (e.g. decisions that have legal effect on data subjects or significantly affect them in a similar way and which are based exclusively on automated processing of personal data, including the creation of profiles).
17. Processing for other purposes
Is my personal data processed for purposes other than those for which it was collected?
In principle, at FIOR Digital, we only process personal data for the purposes for which it was collected. In exceptional cases, however, we may process your personal data collected for a specific purpose for another purpose. In such a case, before the intended processing, we will inform you of the new purpose, the duration of storage, the exercise of data subject rights, the possibility of withdrawing consent, the existence of the right to file a complaint with the data protection authority and whether the provision of the data is necessary for legal or contractual reasons and what the consequences would be if the data is not provided and whether automated decision-making or profiling is used.
18. Supervisory authority
Which supervisory authority can I file a complaint with?
You have the right to lodge a complaint with the competent supervisory authority if you think that your rights under the GDPR have been violated. In Austria, this is the data protection authority.
19. Declaration of consent
How do I give my consent and how can I withdraw my consent?
By ticking the appropriate box as part of the registration process or in the event of an update after logging into your FIOR Digital account, you expressly confirm that you have read the privacy policy and that you agree to the processing of your personal data as described there.
By ticking the respective separate box for news and updates by e-mail (newsletter), you expressly agree to receive electronic messages as described under point 10.
You have the right to withdraw your consent at any time by notifying FIOR or by e-mail to privacy@fior.digital. Please note that if you withdraw your consent, we can no longer offer you all of our services and products. The withdrawal of your consent does not affect the lawfulness of the processing of your personal data that was carried out on the basis of consent before your withdrawal.
20. Data security
How is my personal data protected?
Data security is very important to us and we are committed to protecting the information we collect. We have comprehensive administrative, technical, and physical measures to protect your personal information from accidental, unlawful, or unauthorized destruction, loss, alteration, access, disclosure, or use. These measures comply with the highest international safety standards and are regularly reviewed for their effectiveness and suitability to achieve the desired safety goals.
For example, we have implemented the following technical and organizational measures:
- SSL encryption of our websites from which we send personal data
- Ensuring the confidentiality, integrity, availability, and resilience of our systems and services
- Using encrypted systems
- Measures to quickly restore the availability of personal data in the event of a physical or technical incident
- Privacy by Design and Default measures on our platform, such as preventing “user enumeration”
- Introduction of procedures for regular review, assessment and evaluation of the effectiveness of technical and organizational measures to ensure the security of data processing, such as the “bug bounty” program
- Internal IT security guidelines and IT security training
- Incident Management
21. Update to this privacy statement
How will I find out about changes to this privacy statement?
FIOR Digital is committed to keeping the principles of data protection up to date. For this reason, we regularly review and update our privacy policy. This ensures that it is presented correctly and clearly on our website, contains appropriate information about your rights and our processing activities (including with regard to technical changes or business development), is implemented in accordance with applicable law and thus meets data protection requirements. We update this privacy statement from time to time as necessary to adapt it to current circumstances. If we make significant changes to this privacy policy, we will notify you after logging into your FIOR Digital account and will provide you with the updated version of the privacy policy. If required by applicable law, FIOR Digital will obtain your express consent to significant changes.
22. Contact
How can you contact us?
If you have any further questions about this privacy statement or the processing of your personal data, please contact our data protection team: privacy@fior.digital
11. Social media
Is my data processed on social media platforms and who is responsible in such cases?
FIOR is present on various social media platforms (see below) to communicate with active customers, potential customers and interested social media users about FIOR's services, products and other news. If you use such social media platforms, the general terms and conditions and the privacy policies of the platform operators also apply. We would like to point out that user data may also be processed outside the European Union. Due to different legal frameworks, this poses certain risks for users of these platforms (e.g. enforcement of the rights of data subjects may be difficult).
As part of the technical process of various social media platforms (e.g. Google, Facebook, X, etc.), they can record your behavior in the background, for example when you click on content or visit websites and you are still logged into your social media account at the same time. Such information is collected by social media platforms and associated with your social media accounts, regardless of whether you click on content from that platform or not. By logging out of your account, you can prevent these companies from linking the collected information to your accounts. The activities of such social media platforms cannot be controlled by FIOR and therefore we do not accept any liability for any damage that you may incur as a result of the use of your data by social media platforms.
Responsible person: FIOR can only process personal data from social media users if users communicate directly with FIOR via such platforms (e.g. number of visitors, posted articles, likes, direct messages, customer inquiries, comments, etc.). In such cases, FIOR is then also responsible for processing the personal data collected in the process. In addition to such data processing by us, the operators of social media platforms in particular also process users' personal data. We have no influence on this data processing and we are therefore not responsible for it — such data processing is therefore carried out exclusively within the area of responsibility of social media platforms.
For a detailed explanation of the respective data processing and objection options (opt-out) of social media platforms, we refer to the respective privacy policy of the operators (see below). Requests for information and other data subject rights in connection with social media platforms must be asserted with the respective operator. This is because only operators have access to their users' personal data and can therefore take the necessary measures and provide information.
Our social media pages and channels as well as the links to the respective privacy statements:
- X
- Instagram
- Facebook
- LinkedIn
- Telegram
- YouTube
- TikTok
Application via the LinkedIn button: If you use the option to apply with the social media sign-in button “Apply with LinkedIn” from the social network LinkedIn (LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA), you allow FIOR limited access to your LinkedIn profile. After clicking on the “Apply with LinkedIn” button, you will be redirected to LinkedIn to enter your LinkedIn login details. You can then select the data that you want to share with FIOR. Only the data you have selected will be transferred to FIOR. FIOR does not receive any information about your login or login details on LinkedIn. You can also find more information in the Privacy statement from LinkedIn.