updated on 27.01.2022
Data protection and the security of transactions are core elements of the Bitcoin network.
FIOR Digital values the trust that you as a customer place in us when trading Bitcoin on our platform. For this reason, data protection and data security have an extremely high priority for FIOR Digital. It is very important to us that you feel secure when using our platform and services, as well as doing anything else with us.
Once you use FIOR Digital's products and services, you entrust us with your personal information. We want to offer you the best possible experience with our platform so that you can enjoy using our products and services now and in the future. That's why we also want to understand user behavior on our platform in order to continuously improve it. In addition to our services, it is also necessary for such activities to process your personal data. With this data protection declaration, we would therefore like to inform you in a transparent and detailed manner about which personal data we collect from you, how we process it and to whom we transmit it. In addition, we would like to inform you about the precautions we take to protect your personal data, what rights you have in this context and who you can contact if you have any questions about data protection.
With regard to the terms used in this data protection declaration, such as "processing" or "person responsible", we refer to the definitions of the DSGVO.
FIOR Digital GmbH (hereinafter referred to as “FIOR Digital” or “we”) offers via the website www.21bitcoin.app and the mobile application (“Mobile App”) (hereinafter collectively referred to as “Website” or “Platform”) services and products related to the purchase and sale of Bitcoin. FIOR Digital GmbH, based at Rupertiwinkelstraße 19, 5020 Salzburg, Austria, entered in the commercial register of the Salzburg Regional Court under FN 556789h, is the provider of the platform and responsible for trading Bitcoin on it.
Are minors allowed to use the services of FIOR Digital?
No, FIOR Digital's products and services are not directed to persons under the age of 18. Only persons of legal age may use the services of FIOR Digital and register on the platform. Therefore, to the best of our knowledge, we do not collect any personal data from minors. So if you are under the age of 18, please do not use our platform and do not submit any personal data to us.
Who is responsible for data processing and who can I contact?
FIOR Digital is aware that the protection and careful handling of your personal data is very important. FIOR Digital uses the personal data you provide only in accordance with the applicable data protection laws of this data protection declaration and your consent.
If you have any questions related to the processing of your personal data and exercising your rights under the GDPR, please feel free to contact our data protection team: firstname.lastname@example.org. Please note that for certain inquiries we require further identification data from you (e.g. passport, identity card, etc.) to ensure that your personal data is only passed on to you.
Which of my personal data is processed and from which sources do this data come?
We process the personal data that we receive from you as part of the business relationship and the use of our website. In addition, data from credit agencies, debtor registers, providers of business analyzes (e.g. CRIF GmbH, KSV 1870 Holding AG, Factiva Limited) and from publicly accessible sources (e.g. company register, register of associations, land register, media, sanctions lists) may be processed.
When using the services of FIOR Digital or otherwise interacting with FIOR Digital, the following of your personal data may be processed:
For what purposes and on what legal basis is my personal data processed by FIOR Digital?
All data processing at FIOR Digital takes place in accordance with the GDPR and the Austrian Data Protection Act (DSG). We always process your personal data on the basis of at least one of the legal bases listed below. If we ask you to provide additional personal data not listed above, you will be informed of the purpose and legal basis for the collection and processing of this data at the time of collection.
The processing of personal data may be necessary to fulfill contractual or pre-contractual obligations towards you. The following data processing operations are, for example, covered by such a contractual obligation:
The processing of personal data may also be necessary to fulfill various legal obligations (e.g. FM-GwG, GewO 1994, etc.). For example, the following data processing operations are covered by such legal obligations:
If necessary, data can be processed beyond the fulfillment of a contract to protect the legitimate interests of FIOR Digital or a third party. The following data processing operations are, for example, covered by such a legitimate interest:
If you have given us your consent to the processing of your personal data, the processing will only take place for the purposes specified in the declaration of consent and to the extent agreed therein. A given consent can be revoked at any time without giving reasons and with effect for the future if you no longer agree to the processing. For example, with your consent, we process data for the following purposes:
Does FIOR Digital process special categories of personal data?
No, FIOR Digital does not process any special categories of personal data from customers. This includes data revealing racial and ethnic origin, political opinions, religious or ideological beliefs or trade union membership, as well as genetic and biometric data (Article 9 (1) GDPR).
Who receives my personal data?
The protection and confidentiality of your personal data is very important to FIOR Digital. For this reason, we only transfer your personal data to the extent described below or as part of an instruction at the time your data was collected. We will neither sell your personal data nor pass it on to third parties in any other way.
To a limited extent, we also transfer personal data to processors who provide services for us, such as authentication services (e.g. Onfido Limited), IT services (Amazon Web Services Inc.), customer support (Intercom Inc.), improving our website (Google Analytics ) and sending newsletters (e.g. Twilio Inc.). Processors may only use or pass on this data to the extent necessary to provide services for FIOR Digital or to comply with legal regulations. We contractually oblige such processors to ensure the confidentiality and security of your personal data that they process on our behalf.
Your personal information may be (I) if we are required to do so by law or legal process, (II) if we believe disclosure is necessary to prevent harm or financial loss, or (III) if it is in connection with a investigation of suspected or actual fraudulent or illegal activity, be communicated to any public body or institution.
Joint controllership: Where FIOR Digital acts as joint controller with other parties, we may provide those third parties with personal data, the processing always being based on at least one of the legal bases set out in point 7 above. In addition, in the case of joint responsibility, we only transfer your personal data on the basis of a sufficient agreement with the other persons responsible (Art 26 DSGVO).
Other third parties: FIOR Digital can process your personal data with your consent for disclosure or for the purpose of fulfilling the contract or at the request of the customers to other third parties before the conclusion of the contract.
Will my data be transferred to third countries or to international organizations?
Your personal data may be accessed, transferred to and/or stored by employees or service providers outside of the country in which you are currently located and the data protection laws of such countries may be of a lower standard than those in Europe Union. Nevertheless, under all circumstances, FIOR Digital will protect personal data in accordance with this privacy statement.
If personal data is processed in a third country (outside the European Union (EU) or the European Economic Area (EEA)) or if this happens in connection with the use of third-party services or the disclosure and/or transmission of personal data to third parties, this only takes place , insofar as this is necessary to fulfill our (pre-)contractual obligations or on the basis of consent or a legal obligation or to protect legitimate interests. Subject to legal or contractual approvals, we only process personal data in a third country if the conditions of Art 44 ff GDPR are met. This means, for example, that the processing and transmission takes place on the basis of special protective measures, such as compliance with a code of conduct or a certification mechanism together with the binding and implementable obligation of the recipient in the third country to comply with the corresponding protective measures for data protection and officially recognized ones to comply with special contractual obligations of the European Commission (so-called "standard contractual clauses").
If you require further information regarding international data transfers or if you would like a copy of the specific safeguards applicable to the export of your personal data, please feel free to contact email@example.com.
Will my data be processed on social media platforms and who is responsible in such cases?
FIOR Digital is present on various social media platforms (see below) to communicate with active customers, potential customers and interested social media users about FIOR Digital's services, products and other news. If you use such social media platforms, the general terms and conditions and the data protection guidelines of the platform operators also apply. We would like to point out that user data can also be processed outside the European Union. Due to different legal frameworks, there are certain risks for the users of these platforms (e.g. enforcing the rights of the data subjects may be more difficult).
As part of the technical process of various social media platforms (e.g. Google, Facebook, Twitter, etc.), they can record your behavior in the background, for example if you click on content or visit websites while you are still logged into your social media account. Such information is collected by social media platforms and associated with your social media accounts, regardless of whether you click on content on that platform or not. By logging out of your account, you can prevent these companies from linking the information they collect to your accounts. The activities of such social media platforms cannot be controlled by FIOR Digital and therefore we do not accept any liability for damage that you incur as a result of the use of your data by social media platforms.
Controller: FIOR Digital can only process personal data of social media users if users communicate directly with FIOR Digital via such platforms (e.g. number of visitors, articles posted, likes, direct messages, customer inquiries, comments, etc.). In such cases, FIOR Digital is then also responsible for the processing of the personal data collected. In addition to such data processing by us, the operators of social media platforms in particular also process personal data of users. We have no influence on this data processing and we are therefore not responsible for it - such data processing is therefore exclusively the responsibility of the social media platforms.
For a detailed explanation of the respective data processing and the possibilities of objection (opt-out) of social media platforms, we refer to the respective data protection declaration of the operator (see below). Requests for information and other data subject rights in connection with social media platforms must be asserted with the respective operator. Because only the operators have access to the personal data of their users and can therefore take the necessary measures and provide information.
Our social media pages and channels and the links to the respective data protection declarations:
21bitcoin Social Media
On what legal basis will electronic messages be sent to me and how can I unsubscribe?
In our e-mail newsletter (e.g. weekly update) we inform you about the services and products of FIOR Digital. If you would like to receive our newsletter, you must register with your email address. Newsletters and other electronic notifications will only be sent by us with your express consent if you subscribe to the newsletter directly (double opt-in) or when registering for a FIOR Digital account or alternatively if there is another legal basis for this (e.g. § 107 para. 3 TKG). With the double opt-in procedure, we check whether you are also the owner of the email address provided or whether the owner agrees to receive electronic notifications. This procedure serves as evidence in cases in which a third party misuses an e-mail address by registering to receive the newsletter without the knowledge of the person actually entitled.
The infrastructure of the service Twilio, Inc., 375 Beale Street, Suite 300, San Francisco, CA 94105, USA is used to send our e-mail newsletter. You can find more information about Sendgrid in the Sendgrid data protection declaration.
You can unsubscribe from our newsletter at any time, e.g. by withdrawing your consent. You will find a link to unsubscribe at the end of each newsletter. Please note, however, that if you simply unsubscribe, we will continue to process your personal data until you revoke your consent to the storage of the data, so that we can prove the previously given consent to receive newsletters. Such processing is limited to the purpose of a possible defense against claims, and you have the right to request the deletion of your personal data.
How long will my personal data be processed (stored) and when will it be deleted?
If necessary, we store your personal data for the duration of the entire business relationship (from initiation to fulfillment to the termination of a contract) and generally for 1 year after the end of the business relationship. In addition, we only store your data for a longer period of time, within the framework of the statutory storage and documentation obligations, to defend against legal claims or with your express consent.
The retention periods for data result from the statutory retention periods or limitation periods. According to the Business Code (UGB) and the Federal Fiscal Code (BAO), this is 7 years, according to the Financial Market Money Laundering Act (FM-GWG) 10 years, according to the Equal Treatment Act (GIBG) half a year and in certain cases between 3 and 30 years according to the ABGB e.g. if data is required as evidence for legal disputes or as long as there are other legitimate interests in the storage.
Unless expressly stated otherwise in this data protection declaration, the personal data processed by us will be deleted as soon as they are no longer required for their processing purpose and the deletion does not conflict with any other statutory storage obligations.
What rights and options do I have regarding my data under the GDPR?
Right to information:
You have the option of requesting confirmation as to whether we are processing your personal data. If we are processing personal data about you, you have the right to receive information from us about the personal data we hold about you and a copy of the data being processed, within a reasonable period of time.
Right to rectification:
You have the right to have inaccurate personal data rectified to request data concerning you. With regard to the purposes of the processing, you also have the right to have incomplete personal data completed, also by means of a supplementary statement from you.
Right to erasure: You have the right to request the erasure of personal data concerning you from FIOR Digital if one of the following reasons applies and no further processing of this data is required:
The corresponding reason must be stated in the requests for the deletion of personal data (Article 17 (1) GDPR).
Right to restriction of processing:
You have the right to request that we restrict processing if one of the following conditions is met
Right to data portability:
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format. You can also request that we pass on this data directly to a person responsible named by you, insofar as this is technically possible and the rights and freedoms of others are not affected. The right to data portability can only be exercised if the basis of the processing is either your consent or a (pre-)contractual necessity and the processing is automated. The right to data portability does not apply to processing that is necessary for the performance of tasks that are in the public interest or in the exercise of official authority that has been transferred to the person responsible.
Right of objection:
You have the right to object to the processing of your personal data at any time to object if this is based on our legitimate interests. If you have objected to processing, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms or if the processing is necessary for the establishment, exercise or defense of legal claims serves. The objection does not affect the lawfulness of the processing of your personal data based on legitimate interests that occurred before your objection.
To exercise any of the above rights, you can send an email to firstname.lastname@example.org. Please note that for such requests we require further identification data from you (e.g. passport, identity card, etc.) to ensure that your personal data is only passed on to you.
How can I object to the processing of my data for advertising purposes?
You can also object to any use of your personal data for advertising purposes. If you would like to fundamentally object to the processing of your data for advertising purposes, please contact us by email at email@example.com. The objection does not affect the lawfulness of the processing of your personal data based on legitimate interests that occurred before your objection.
Please note, however, that such an objection is only made to FIOR Digital and, even after such an objection, you may still receive advertising about FIOR Digital from other providers on other websites over which we have no influence.
Does FIOR Digital use my personal data for automated decision-making including profiling?
FIOR Digital does not use personal data for automated decision-making processes including profiling within the meaning of Art 22 DSGVO.
Will my personal data be processed for purposes other than those for which it was collected?
Basically, at FIOR Digital we only process personal data for the purposes for which it was collected. In exceptional cases, however, we can process your personal data collected for a specific purpose for another purpose. In such a case, we will inform you before the intended processing of the new purpose, the duration of storage, the exercise of the rights of the data subject, the possibility of withdrawing consent, the existence of the right to lodge a complaint with the data protection authority and whether the provision of the data is necessary for legal or contractual reasons and the consequences of not providing the data and whether automated decision-making or profiling is used in the process.
Which supervisory authority can I lodge a complaint with?
You have the right to lodge a complaint with the competent supervisory authority if you believe that your rights under the GDPR have been violated. In Austria, this is the data protection authority.
How do I give my consent and how can I revoke my consent?
By ticking the respective separate box for news and updates by email (newsletter), you expressly agree that you wish to receive electronic messages as described under point 10.
You have the right to revoke your consent at any time by contacting FIOR Digital GmbH or by sending an email to firstname.lastname@example.org. Please note that if you withdraw your consent, we will no longer be able to offer you all of our services and products. The revocation of your consent does not affect the lawfulness of the processing of your personal data based on consent before your revocation.
How is my personal data protected?
The security of data is very important to us, and we are committed to protecting the data we collect. We have extensive administrative, technical and physical measures in place to protect your personal information from accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure, or use. These measures correspond to the highest international safety standards and are regularly checked for their effectiveness and suitability for achieving the desired safety goals.
For example, we have implemented the following technical and organizational measures:
How can you contact us?