Privacy Policy

    1. General

    1.1 Bitpanda GmbH (formerly Coinimal GmbH) with its business address at Burggasse 116/3 & 3a, 1070 Vienna, Austria, registered in the commercial register of the Commercial Court of Vienna under FN 423018k (hereinafter referred to as "Bitpanda" or "we"), offers via www.bitpanda.com (the "Website") services related to buying and selling digital currencies. This Privacy Policy explains how personal data are processed by Bitpanda if a person uses Bitpanda's services, the Website or otherwise interacts with Bitpanda (such person hereinafter called "Customer"). Only persons of legal age are permitted to use the website and to register to it.

    1.2 Bitpanda is the controller and responsible person for the personal data processed via the Website. Bitpanda is aware that the protection and careful handling of the Customer's personal data are very important. Bitpanda will solely use the personal data provided by the Customer in compliance with the applicable data protection requirements, this Privacy Policy and the consent of the Customer.

    1.3 The Customer is obliged to keep his personal data correct and up to date.

    1.4 The Privacy Policy is drafted in English and in German. In case of conflict the English version shall be the binding version.

    2. Categories of personal data and the purpose for using the personal data

    2.1 When using Bitpanda's services or interacting with Bitpanda the following personal data are processed:

    (a) Contact data: e.g. when creating a new user account or communicating with Bitpanda (i.e. name, address, telephone number, email, birthdate, password in encrypted form) depending on the level of verification.

    (b) Verification data: when an account is verified (i.e. screenshots of national identity documents, like passport, driving license ID card, and identification data from these documents, utility bill details for residence verification)

    (c) Financial data: in the course of purchase and sale transactions (i.e. bank details payment service provider information, payment details, transaction-ID).

    (d) Log data: during activities on the Website, (i.e. IP-address, transaction data, deposit and withdrawal address, computer or mobile device information, IP-address, operating system, browser type, device type, unique device identification number).

    (e) Company details if a business account is requested (i.e. commercial register report, data of or concerning beneficial owners, records or additional information on recent, past or planned business activities, other data necessary to determine/validate the structure, the beneficial ownership or any power of attorney of the company).

    (f) Details to and proof of funds: i.e. banking statements or any other details provided by banks or financial institutions, contracts of sales or contracts in general, or any other suitable data to prove or determine the origin of funds, if exceeding the daily/monthly or general limits on Bitpanda or upgrading to Bitpanda Plus “High Limit Service or OTC Service” (more info https://www.bitpanda.com/plus). In order to determine Customer's purpose for using the above-mentioned services or trading volume additional information on recent, past or planned business or personal activities of business or private Customers or other data to determine the Customer’s intentions, if necessary, can be processed, as requested by Bitpanda or provided by the Customer.

    (g) Personal data provided to the support team when the Customer submits a request to Bitpanda's support team or any other member of the Bitpanda team.

    2.2 The personal data are used for the purpose of performing the contract or in order to take steps at the request of the data subject prior to entering into a contract, verification of the Customer’s identity, prevention of fraud and misuse, risk management, payment processing and chargebacks, proof of purchase and selling, comparison during the course of business, to respond to Customer service and support requests, inform about important updates of Bitpanda's services and terms, and analyse and improve the website's quality and usage experience. The personal data listed above under 2.1 a), b), c), d), e), f) and g) are required for entering into and performance of the contract. If Customer fails to provide such data Bitpanda will not be able to provide its services to the Customer.
    The basis for such processing is contract performance (Art 6 para 1 lit b GDPR), compliance with legal obligations to which Bitpanda is subject (Art 6 para 1 lit c GDPR), and Bitpanda's legitimate interests in measures regarding prevention of fraud and misuse of its services (e.g. for illegal purposes) and risk management when operating its business and interacting with Customers (Art 6 para 1 lit f GDPR). Upon the Customer's prior consent (Art 6 para 1 lit a GDPR) the personal data may be used for marketing, direct advertisement (see point 5 "Newsletters" below), and Website analysis and improvement (see point 4 "Cookies" below).

    2.3 If Bitpanda will ask to provide any other personal data not described above, then such data and the purpose and legal basis for the collection and processing, will be communicated to the Customer at the point of collecting the personal data.

    3. Recipients of personal data

    3.1 The Customer agrees, that for the purpose of the identity verification, personal data will be forwarded to one of the following verification provider which the Customer choses: IDnow GmbH, Auenstraße 100, 80469 Munich, Germany; verify- U AG, Peter-Sander-Straße 41a, 55252 Mainz-Kastel, Germany; WEBID SOLUTIONS GMBH, Friedrichstraße 88, 10117 Berlin, Germany; identity Trust Management AG, Lierenfelder Straße 51, 40231 D¨sseldorf, Germany. When selecting a Verification provider, the respective companies are clearly stated as IdentityTM, IDNow, WEBID and verify-U. Depending on the level of verification the following personal data may be transferred to the chosen verification provider first name, surname, address, birthdate, email address, telephone number. Only for the verification level „Gold“ or the „Gold verification“ the Customer's identity will be checked via a video-identification process. Without providing the personal data required for the respective level the verification is not possible.

    3.2 For purposes of AML (anti-money-laundering) and CFT (Combating the Financing of Terrorism) Bitpanda conducts - based on its legitimate interest to prevent fraud and misuse of its services (Art 6 para 1 lit f GDPR) - an examination of politically exposed persons and sanctioned persons in the course of the Know-Your-Customer process for the level "Gold verification" only. Therefore, after completion of the video verification for level Gold Customer's name and date of birth – and in case of opening a company account the company's name and its companies register excerpt (including name, address and birth date of its owners, representative bodies, e.g. managing directors, and authorized proxies contained therein) - will be transferred to and checked by Factiva Limited, 1 London Bridge Street, London SE1 9GF, United Kingdom, against a register of politically exposed persons and sanctioned persons. Without the transfer and check of these data it is not possible to open an account with Bitpanda. Based on this check Factiva Limited informs Bitpanda whether the Customer is a politically exposed persons or sanctioned persons. For further information on the possible results and consequences of the due diligence process please see Bitpanda's Terms and Conditions.

    3.3 In case Customer uses the "Bitpanda support tool" provided by Zendesk Inc, 1019 Market St., San Francisco, CA 94103, USA, or submitting a support request to "[email protected]" Customer's personal data (e-mail address, name, IP-address and the additional data submitted directly by the Customer to handle the support request) are transferred to and processed by Zendesk, Inc in the USA. Zendesk, Inc is certified under the EU/US Privacy Shield. The USA is a country for which an adequate level of data protection has not been determined. Subject to local provisions Customer's personal data may be accessed by authorities of such country in accordance with local laws and regulations.

    3.4 Further, Bitpanda may share the personal data with

    (a) our employees who need them to fulfill contractual and legal obligations and legitimate interests, its subsidiary Pantos GmbH, Vienna, Austria, for the purpose of processing the Initial Coin Offerings ("Pantos ICO") or to perform crowdsales and to its subsidiary Bitpanda UK Limited, London, United Kingdom, for the purpose of processing payments made by the Customer required to complete the transaction. A list of Bitpanda's current group companies is available here:

    • Bitpanda UK Limited, 68 Hanbury Street, E1 5JL, London, United Kingdom
    • Pantos GmbH, Burggasse 116/3, 1070 Vienna, Austria

    (b) third party services providers and partners who provide data processing services to Bitpanda, or who otherwise process personal information for purposes that are described in this Privacy Policy or notified to Customer. A list of Bitpanda's current service providers and partners is available here:

    • Klarna Bank AB, Sveavägen 46, 111 34, Stockholm, Sweden
    • Paysafe Financial Service Limited, Canada Square 27-25, E14 5LQ, London, United Kingdom
    • mPAY24 GmbH, Gr¨ngasse 16, 1050 Vienna, Austria
    • hobex AG, Josef-Brandstätter-Straße 2b, 5020 Salzburg, Austria
    • MASTERPAYMENT GmbH, Petersbrunner Str. 1B, 82319 Starnberg, Deutschland
    • Merkur Inkasso GmbH, Faberstraße 2b, 5020 Salzburg, Austria
    • UniCredit Bank Austria, Schottengasse 6-8, 1010 Vienna, Austria

    (c) affiliate marketing partners if Customer registers to the "Bitpanda Affiliate Program". In the context of the registration Customer is informed about the affiliate partners to whom the personal data (first name, last name, company name, web URL, address, contact number, email address, and any other personal data directly transferred to the affiailite partner by the Customer) will be sent. Without the transfer of the information to the affiliate partner the participation in the affiliate program is not possible.

    (d) to any competent law enforcement body, regulatory, government agency, court or other third party where disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;

    (e) to a potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of Bitpanda's business. The Customer's personal data may be transferred to the new owners so that the services may continue to be provided to Customer provided that Bitpanda informs the buyer it must use personal data only for the purposes disclosed in this Privacy Policy;

    (f) to any other person with Customer's consent to the disclosure.

    4. The use of cookies and Google Analytics

    4.1 During the use of the Website, personal data may be collected through automatic data collection methods, such as cookies. Cookies are small data files which are saved to the Customer's computer or device and allow an analysis of the Customer’s usage behaviour on the Website. The personal data collected are computer or device information, including IP address, operating system, browser type, device type, unique device identification number, and data which represent the usage behaviour on the Website (e.g. the time spent on the Website, which pages were accessed or links clicked). These data are collected by Bitpanda to analyse and evaluate the effectiveness of Website and to improve its quality for a better Customer experience.

    4.2 Further, Bitpanda uses the services of the data processor Hotjar Limited, in Malta, to analyse and better understand Customer's needs and to optimize the Website's service and experience. Hotjar is a technology service that helps Bitpanda better understand the Website experience (e.g. how much time user spend on which pages, which links they choose to click, what users do and don’t like, etc.) enabling to improve the services. To this end Hotjar's cookies are stored that collect data on the Customers' Website behavior and their devices (in particular device's IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display the Website). Hotjar stores this information in pseudonymized form. Neither Hotjar nor Bitpanda will use this information to identify individual users or to match it with further data on an individual Customer. For further details, please see Hotjar’s privacy policy by clicking on this link (https://www.hotjar.com/legal/policies/privacy). Customer can opt-out from Hotjar's cookies by following this opt-out link (https://www.hotjar.com/legal/compliance/opt-out).

    4.3 Further, Bitpanda uses Google Analytics, a web analytics tool by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses cookies. The stored information of the use of the Website (e.g. pages visited, users activities on Website, time spent on the Website) which is generated by the cookies is transmitted and saved on a server by Google in the USA. This Website uses the IP anonymization on, whereby the IP address of the Customer is shortened by Google within the European Union and the European Economic Area. Only in exceptional cases the whole IP address is first transferred to a server of Google in the USA and then shortened.

    4.4 On behalf of Bitpanda, Google will use this information to evaluate the usage of the Website for reports about the Website activity and to fulfil further services towards the Website owners concerning the activity on the Website and internet. The Customer's IP address acquired from Google Analytics, will not be merged with other data from Google.

    4.5 By clicking on the "OK"-button in the Website's cookie banner the Customer agrees to the use of cookies. The consent can be withdrawn at any time by deleting the cookies form the terminal device and browser and adjusting the browser settings; this, however, may compromise the functionality of the Website. The withdrawal of the consent does not affect the lawfulness of processing based on consent before its withdrawal.

    4.6 The Customer can disable cookies to be saved with specific browser settings; thereby the Customer might not be able to use all the offered functions on the Website to their full extent. Furthermore, the Customer can disable the collected website specific data (IP address) through cookies to be send and processed by Google, by downloading and installing the following browser plugin (http://tools.google.com/dlpage/gaoptout?hl=de).

    5. Newsletter

    5.1 Upon Customer's consent his email address, name, last login date, register date will be passed on to UAB "MailerLite", Paupio g. 28, LT-11341 Vilnius, Lithuania in order to receive per email newsletters and information from Bitpanda and its subsidiary Pantos GmbH regarding Bitpanda's and Pantos GmbH's events, new products, services and app features.

    6 Data Retention

    6.1 Bitpanda erases the Customer's personal data in principal 1 year after termination of the contractual relationship or before if the data is not required for the purpose for which they were collected anymore. A longer retention may be necessary due to guarantee, warranty, statute of limitations (e.g. the limitation period for damages of 3 years or in specific cases the general limitation period of 30 years according to the Austrian General Civil Code (ABGB)) and statutory retention periods (e.g. under commercial or tax law) applicable to Bitpanda, or for the duration of any legal disputes in which the data are required as evidence or for as long as there are other legitimate interests in retention.

    7. Data subject rights

    7.1 In accordance with applicable law, the Customer has the right to access, correct, request deletion of his personal data, to object to the processing of his personal data, and to dataportability of his personal data, to request restriction of the processing of his personal data. To exercise these rights the Customer can send an email to [email protected] or a letter to Bitpanda GmbH, Burggasse 116/3 & 3a, 1070 Vienna, Austria. Bitpanda does not use personal data for automated decisions within the meaning of Art 22 GDPR (i.e. decisions producing legal effects concerning data subjects, or otherwise significantly affecting them, based solely on automated processing of personal data, including profiling).

    7.2 The Customer has the right to file a complaint to the competent data protection authority, when he believes his data protection rights have been violated.

    8. Declarations of consent

    8.1 By checking the respective box as a part of the registration process, the Customer confirms to have read the Privacy Policy and agrees to the data processing as described herein.

    8.2 Further, by checking the respective separate box the Customer can consent that his email address name, last login date, register date will be sent to UAB "MailerLite" in order to receive marketing communication as described in point 5 above.

    The Customer has the right to withdraw his consents at any time via mail to Bitpanda GmbH, Burggasse 116/3 & 3a, 1070 Vienna, Austria, or via E-Mail to [email protected]. The withdrawal of his consent does not affect the lawfulness of processing based on consent before its withdrawal.

    9. Updates to this Privacy Policy

    9.1 Bitpanda may update this Privacy Policy from time to time in response to changing legal, technical or business developments. Bitpanda will take appropriate measures to inform the Customer, about the updates, consistent with the significance of the changes. Bitpanda will obtain Customer's consent to any material changes in this Privacy Policy if this is required by applicable data protection laws. The current version of this Privacy Policy is: May 2018.

    Ready to start trading?

    Get started now Get it on Google Play