Privacy Policy

Last Updated: December 10, 2025

1. Introduction and Data Controller

Coin Kapital 24 (hereinafter "we", "us" or "our") takes the protection of your personal data very seriously. This Privacy Policy informs you about the nature, scope, and purpose of the processing of personal data by us in connection with the use of our website and trading platform.

The data controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection provisions is:

2. Legal Basis for Data Processing

We process personal data only in accordance with applicable data protection laws, in particular the GDPR. The legal bases for processing your data are:

• Art. 6(1)(a) GDPR: Consent of the data subject
• Art. 6(1)(b) GDPR: Performance of a contract or pre-contractual measures
• Art. 6(1)(c) GDPR: Compliance with a legal obligation
• Art. 6(1)(f) GDPR: Legitimate interests of our company

3. Collection and Storage of Personal Data

3.1 When Visiting Our Website

When you access our website, information is automatically sent to the server of our website by the browser used on your device. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion:

• IP address of the requesting computer
• Date and time of access
• Name and URL of the accessed file
• Website from which access is made (referrer URL)
• Browser used and, if applicable, the operating system of your computer and the name of your access provider

The aforementioned data is processed by us for the following purposes:

• Ensuring a smooth connection to the website
• Ensuring comfortable use of our website
• Evaluating system security and stability
• For other administrative purposes

The legal basis for data processing is Art. 6(1)(1)(f) GDPR. Our legitimate interest follows from the purposes listed above for data collection. In no case do we use the collected data for the purpose of drawing conclusions about your person.

3.2 When Registering and Using Our Trading Platform

To use our trading platform, it is necessary to create a user account. In doing so, we collect the following personal data:

• Email address (required)
• Password (stored encrypted)
• Full name (optional)
• Phone number (optional, for two-factor authentication)
• Address data (optional, for verification purposes)
• Date of birth (for age verification, if required)
• Identity documents (during verification processes, stored encrypted)

The collection of this data is carried out to:

• Enable you to use our trading platform
• Verify your identity (as required by law)
• Comply with anti-money laundering laws and other regulatory requirements
• Communicate with you
• Process and document transactions
• Prevent fraud and ensure security

The legal basis for this processing is Art. 6(1)(b) GDPR (contract performance) as well as Art. 6(1)(c) GDPR (legal obligations, in particular in the area of anti-money laundering).

3.3 When Conducting Transactions

When conducting trades, we additionally collect and store:

• Transaction details (trading volume, prices, timestamps)
• Trading history
• Balance and position information
• Deposit and withdrawal information
• Payment information (bank account, credit card data - encrypted)

This data is processed to fulfill our contractual obligations, to comply with legal retention obligations, and to prevent fraud. The retention period is at least 10 years in accordance with the legal requirements of anti-money laundering laws and tax laws.

4. Disclosure of Data to Third Parties

Your personal data will not be transmitted to third parties for purposes other than those listed below. We only share your personal data with third parties if:

• You have given your express consent (Art. 6(1)(1)(a) GDPR)
• The disclosure is necessary for the assertion, exercise, or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data
• The disclosure is necessary to comply with a legal obligation (Art. 6(1)(1)(c) GDPR)
• This is legally permissible and necessary for the processing of contractual relationships with you (Art. 6(1)(1)(b) GDPR)

4.1 Payment Service Providers

To process payments, we work with various payment service providers. These receive the data necessary for payment processing. The payment service providers are independent controllers within the meaning of data protection law. Please note the privacy policies of the respective payment service providers.

4.2 Cloud Service Providers and Hosting

We use external service providers for hosting our website and storing data. These service providers process data exclusively on our behalf (data processing agreement pursuant to Art. 28 GDPR) and are contractually obligated to process your data only in accordance with our instructions and to take appropriate security measures.

4.3 Authorities and Regulatory Bodies

We may be required to disclose your data to authorities, regulatory bodies, or other public entities if this is legally required or necessary to fulfill legal obligations.

5. Cookies and Tracking Technologies

We use cookies on our website. These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site.

5.1 Types of Cookies

We use the following types of cookies:

• Necessary Cookies: These are essential for the functioning of the website and cannot be disabled
• Functional Cookies: These enable the website to provide enhanced functionality and personalization
• Analytical Cookies: These help us understand how visitors interact with our website by collecting and reporting information anonymously
• Marketing Cookies: These are used to provide visitors with relevant ads and marketing campaigns on websites

5.2 Google Analytics

This website uses Google Analytics, a web analytics service provided by Google LLC. Google Analytics uses so-called "cookies", text files that are stored on your computer and that allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

In the event that IP anonymization is activated on this website, your IP address will be truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

You can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: Browser Add-on to Disable Google Analytics.

6. Your Rights

You have the right to:

• Access (Art. 15 GDPR): You can request information about your personal data processed by us
• Rectification (Art. 16 GDPR): You can request the correction of incorrect or the completion of your personal data stored by us
• Erasure (Art. 17 GDPR): You can request the deletion of your personal data, unless legal retention obligations or legitimate interests of our side prevent deletion
• Restriction of Processing (Art. 18 GDPR): You can request the restriction of processing of your personal data
• Data Portability (Art. 20 GDPR): You can request that we provide you with your personal data in a structured, commonly used, and machine-readable format
• Objection (Art. 21 GDPR): You can object to the processing of your personal data for reasons arising from your particular situation at any time
• Withdrawal of Consent (Art. 7(3) GDPR): You have the right to withdraw your consent at any time. This has the consequence that we may no longer continue the data processing based on this consent in the future
• Complaint to a Supervisory Authority (Art. 77 GDPR): You have the right to complain to a data protection supervisory authority about our processing of personal data

To exercise your rights, please contact: support@coin-kapital.de

7. Data Security

We use the widespread SSL procedure (Secure Socket Layer) in connection with the highest level of encryption supported by your browser during the website visit. Usually, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead.

We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

These measures include in particular:

• Encryption of all sensitive data (end-to-end encryption)
• Regular security audits and penetration tests
• Access controls and authentication procedures
• Firewalls and intrusion detection systems
• Regular backups and disaster recovery plans
• Training of our employees in data security

8. Storage Duration

We store personal data only as long as necessary for the respective purposes or as required by legal retention periods. After the retention periods expire, the corresponding data is routinely deleted in accordance with legal provisions.

In detail, the following retention periods apply:

• Contract Data: 10 years after termination of the contractual relationship (according to HGB and AO)
• Trading Data and Transaction Records: 10 years (according to anti-money laundering laws)
• Tax-Relevant Data: 10 years (according to tax laws)
• Log Files: 7 days (then automatic deletion)
• Marketing Consents: Until withdrawal of consent

9. International Data Transfers

We also process personal data in third countries outside the European Union in some cases. In these cases, we ensure that adequate guarantees for data protection exist, in particular through:

• Standard contractual clauses of the European Commission
• Adequacy decisions of the European Commission
• Certifications pursuant to Art. 42 GDPR

If you have questions about international data transfers, you can contact us at any time.

10. Minors

Our services are not directed at persons under 18 years of age. We do not knowingly collect personal data from minors. If we discover that we have collected personal data from a person under 18 years of age without parental or guardian consent, we will take steps to delete this information.

11. Changes to This Privacy Policy

We reserve the right to adjust this Privacy Policy so that it always complies with current legal requirements or to implement changes to our services in the Privacy Policy, e.g., when introducing new services. For your renewed visit, the new Privacy Policy will then apply.

We recommend that you review this Privacy Policy regularly to stay informed about the protection of your personal data.

12. Contact

If you have questions about data protection, you can contact us at any time: