This privacy statement went into effect on March 25, 2026.
Coinmerce is an European cryptocurrency trading platform, where you, the customer, can buy and sell digital assets. Our office is located at Beechavenue 140, 1119 PR Schiphol-Rijk.
In order to make our services available to you, your personal data will be processed. We find it of utmost importance to handle your personal data with care. The processing of your data shall adhere to the General Data Protection Regulation ('GDPR'). The purpose of this privacy statement is to be transparent about the way we process your data: it explains which personal data we process, for what purposes personal data is being used and what we do to protect your privacy.
About us
Coinmerce acts as the Controller under the GDPR and is therefore responsible for the processing of your data. To exercise your rights under the GDPR or for other questions regarding the processing of your personal data, you can contact us via:
Coinmerce BV
Beechavenue 140
1119 PR Schiphol-Rijk
[email protected]
We are registered in the Dutch Chamber of Commerce under the number: 70036969.
About you
We may process your data in the following cases:
As a visitor of the website and/or app
As a customer
As a business partner and/or UBO
As a friend referral
Purpose & legal base
Purpose of Processing | Legal bases for Processing |
Customer onboarding (verifying your identity). | Legal requirement. |
Fulfil compliance requirements like a KYC check, fraud prevention, misuse of services, or money laundering. | Legal requirement. |
Fulfil compliance requirements like to determine your tax residency and report certain identification and tax information to competent authorities. | Legal requirement. |
Screening against PEP and sanction lists. | Legal requirement. |
To enforce the terms and conditions in the User Agreement and other agreements. | Your agreement with us. |
Provision of the services, including payments. | Your agreement with us. |
To provide customer support. | Your agreement with us or your consent. |
To keep our platform safe and secure. | Legal requirements and your agreement with us. |
To perform marketing activities. | Your consent or our legitimate interests. |
Improvement and user experience. | Your consent or our legitimate interests. |
To provide a secure website. | Legal requirement. |
When you apply for a job with us. | Consent or steps prior to an (employment) contract. |
How and what data we collect
Via cookies and/or other techniques
When you are interacting with the website, we try to optimize your user experience. We track usage and engagement data such as the duration of spending on the website, from what browser etc. Our website and application use cookies and similar technologies to increase user friendliness, effectiveness and security as well as for advertising purposes. Cookies are small text files stored on your computer by your browser. For more information and the use of cookies by Coinmerce, please refer to our Cookie Policy.
Information you share with us
When you are creating a user account with us, we will need you to share some details with us. Coinmerce also needs to verify your identity. This is a legal requirement to prevent fraud. We may process the following data:
Name (name and surname)
Address
Date and place of birth
Gender
Email address
Phone number
Location details (such as IP address and tax residency)
Financial data (IBAN, digital wallet addresses, balance, source of funds)
Identification details (copy ID)
Selfie
Data that our website/app collects, such as metadata
Communication details
In case of a business relationship, UBO and corporate information that may contain identifiable data:
First and last name
Date and place of birth
Nationality
Copy of an identity document (such as a passport or ID card), including document number and photograph
Residential address and other address details
Contact details such as correspondence address
Information regarding ownership interests in a company (such as shareholdings or Ultimate Beneficial Owner (UBO) interests)
Information regarding positions and roles within an organization (such as director, shareholder, or authorized signatory)
Signatures and information relating to signing or representation authority
Information obtained from trade registers (such as Chamber of Commerce extracts or UBO register information)
Information contained in corporate documentation, such as articles of association, shareholder registers, and organizational structure documents
Address verification information (for example through bank statements, utility bills, or official government correspondence)
In case you apply for a job:
Contact details
Salary information
Resume
Other information (optional)
Onboarding
For verification and identification purposes we ask you to provide a copy of a valid ID card, a passport or a driving license. We need this information to verify your identity with the details submitted in your application. The selfie submitted during your onboarding will be verified against the photo on the ID document. Please make sure that a social security number is being masked when providing a copy of identification documents.
Data sharing — Tax authorities
On 30 December 2024, the Travel Rule Regulation (TFR) came into effect. The purpose of the TFR is to prevent money laundering and terrorism financing by enhancing transparency in digital asset transactions. Under the TFR, Coinmerce has an obligation to share information about you with other crypto asset service providers when you transfer digital assets to those providers.
Reporting data through DAC8/CARF
As of the 1st January 2026, Coinmerce has the legal obligation (under DAC8 and CARF) to collect, maintain, and report specific information about you and your transactions, that fall within the scope of these reporting obligations, to the competent tax authorities. DAC8 together with the CARF framework, aims to combat tax evasion and avoidance and to increase tax transparency on a global level. Because of these legal requirements we will collect and verify your tax residency and TIN number.
Data collected by us / received from third parties
Public databases are used via third party processors like ComplyAdvantage, Chainalysis, and Notabene to obtain information about your transactions on the blockchain. We are required to perform screening checks against PEP lists, sanction lists and other databases to help prevent fraudulent behaviour and keep our platform safe. When digital asset transfers involve other virtual asset service providers, we may receive or share certain information about the originator or the beneficiary of the transfer.
Data Processors and data sharing
For the best performance of our services, your personal data will be processed by third party processors. We have a strong third party framework in place to make sure these processors are compliant with GDPR standards and other legal requirements. Where Coinmerce makes use of (sub-) processors, Coinmerce has entered into agreements with these (sub-) processors in order to ensure that appropriate organizational and technical measures are taken.
Coinmerce may also pass on the data to suppliers, e.g. audit agencies, government institutions, subcontractors and to companies and/or persons it has engaged to perform certain tasks (including (sub)processors).
In addition, Coinmerce may provide your data to third parties if it is entitled or obliged to do so on the basis of the applicable laws and/or regulations, a court order or a legal judgement, or if it has obtained your permission to do so. This includes the sharing of personal data and transaction information to the competent tax authorities.
Location of processing
Coinmerce processes your personal data within the European Economic Area (EEA) as far as possible. If we are required to transmit personal data to tax authorities outside of the EEA in line with DAC8, CARF or other applicable laws, or if transmission takes place outside the EEA, Coinmerce will take the necessary measures to ensure that appropriate guarantees are in place with regard to this transmission.
Retention
Coinmerce will not store your personal data any longer than necessary for the purposes for which it was collected and will comply with the applicable laws and regulations in this regard. The information you provide to us for the purpose of trading on our platform, KYC data and other data provided based on legal requirements will be kept for seven years (statutory retention period). If no activity took place in your account for one year, your data will be deleted after that year. This is also the retention period for our business relationship.
Marketing data will be stored for a maximum of 2 years.
Application data will be stored for a maximum of 4 weeks unless you gave us permission to store it for 12 months.
After the retention period has expired, your data will be deleted/erased/anonymised within a period of three months. This period is necessary due to the processing time of this operation.
Automated decision-making
Coinmerce uses a third party provider to read and verify your ID document, submitted during onboarding, to check whether the photo on your ID document matches the selfie submitted. It also checks whether the data on the ID document matches the data submitted by you. If no issues are identified during this process, the ID document is automatically approved. If the system cannot match the data, the compliance team will perform a manual review. Minors will automatically be rejected as they are not allowed to use our services under our user agreement.
If your ID verification is rejected in the process, you can re-submit your information or request for a manual review by reaching out to our support team: [email protected].
Coinmerce uses a third party provider to automatically screen customer profile data against PEP lists, sanction lists, and other databases. This screening is performed during the onboarding process and continues on an ongoing basis to help ensure the security and integrity of our platform is compliant with legal obligations.
Security
Coinmerce will make every effort to take appropriate organizational and technical measures to protect your personal data against unlawful processing and/or loss. (Sub-)processors are bound by the same obligations.
Technical measures include but are not limited to: encryption of data at rest, strong password controls, role-based access management, 2FA and physical security measures.
Coinmerce employees and employees of (sub-)processors who have access to your personal data are bound by a non-disclosure clause and trained on a regular basis.
What are your rights?
If you would like to access, receive a copy, correct, add, delete or object to the processing of your personal data, you can. You can contact us by writing an email in which you indicate whether you:
Request access to, or a copy of your personal data
Request the rectification of inaccurate or incomplete personal data
Request the erasure ('right to be forgotten') of personal data
Request the restriction of the processing of personal data if they are processed incorrectly or incompletely
Request that your personal data be transferred to you or another controller (data portability)
Have a different wish or question
Please indicate as clearly as possible what data is involved and what you expect from us. We will verify your identity to make sure we share the information with the right person. Coinmerce will comply with your request within the legal terms.
Send your email to: [email protected]
Questions and complaints
For questions or complaints regarding the handling of your personal data you can contact us anytime via the following contact details:
Coinmerce Group Attn. Data Protection Officer
Beechavenue 140
1119 PR Schiphol-Rijk
[email protected]
Coinmerce will respond to your request, comment or complaint as quickly as possible but at the latest within one month. An extension of another 2 months, depending on the complexity and number of requests, comments or complaints, is possible. We will inform you of this within one month of receiving your request.
Coinmerce has appointed a Data Protection Officer ('DPO'), registered with the leading supervisory authority, the Autoriteit Persoonsgegevens. If you wish to contact our DPO, please note this in your e-mail to us and we will ensure to re-direct your message accordingly.
Supervisory authority
Do you think that Coinmerce has violated your rights regarding your data processing and were you unable to reach a solution with us? If so, you can lodge a complaint about this with the leading supervisory authority, the Dutch Data Protection Authority ('Autoriteit Persoonsgegevens'). Please consult the website: www.autoriteitpersoonsgegevens.nl
Date and changes
Coinmerce may amend this privacy statement at any time. Any amendments made will apply following the announcement of the update. The most up-to-date version of the statement can always be consulted on our website. In case of material changes we will inform you via e-mail and/or in the app.