Data Privacy Policy of Kurant GmbH

Valid as of: 03 December 2018

Data Privacy Policy of Kurant GmbH, with registered office in Vienna and business address Forchheimergasse 30A/4/5, 1230 Vienna, Austria (hereinafter referred to as "​Kurant​" or "we​"), for the website (hereinafter "Website") and contracts for the purchase or sale of cryptocurrencies.

Thank you very much for your interest in our products. Below we inform you comprehensively, to what extent we process your data and which rights you have in this regard. The protection of your privacy is particularly important to us and we would like to inform you accordingly about your rights or possibilities in order to sustainably promote a relationship based on trust. Our data protection practice complies with the General Data Protection Regulation of the European Union (hereinafter "​GDPR") in conjunction with the Austrian Data Protection Amendment Act 2018 (hereinafter "DS-AG"), the Telecommunications Act (TKG) and other relevant legal provisions.

Data protection regulations must always be observed when processing personal data. The scope of this privacy policy is based on the understanding of the GDPR. Thus, the "processing" of personal data essentially involves any dealings with the same. Insofar as data processed by us are inhuman and - even if only through third parties, in a synopsis or additional knowledge - make you identifiable as a person (in particular, have your full name ascertained), this is basically personal data.

This privacy statement applies solely to our website. If you are redirected to other websites via links on our Website, please inform yourself directly on the landing page about the respective handling of your data. For contents on web pages of the third party, which are linked over our web appearance, we can take over no responsibility or adhesion.

  • § 1 Data processing when using our Website

When you visit our Website, we collect the following information: IP address.You can visit our Website without having to provide any personal information. When the Website is accessed, only certain access data (your IP address and other metadata regarding your surfing behavior, eg date / time of retrieval, requesting provider) are processed. This data processing is carried out for the purpose of traceability of visitors, checking the effectiveness of advertising, playing targeted advertising elements and messages, and for the purpose of ensuring and improving the quality of our offer and is based on Article 6 (1) (f) GDPR (predominant legitimate interests, that is achievement of the purposes just mentioned). However, this information does not allow us to infer yourself.

IP addresses are collected and stored by shortening the last three (3) digits exclusively in anonymous form. As a basic principle, you can therefore view all content on our Website without providing any personal data.

  • § 2 Data processing when trading cryptocurrencies

If you have decided to trade cryptocurrencies through our Bitcoin ATMs, you must first register at the Bitcoin ATM starting with an amount of EUR 250.00 and then complete a Know Your Customer verification process (hereinafter "KYC"). Within the framework of this registration or KYC verification and the subsequent ordering of cryptocurrencies (purchase or sale), the following personal data are collected: first name, last name, address data, date of birth, e-mail address, telephone number and identification data (presentation of ID card copy) and a photo of your face to make a KYC check.

Should you have decided to make a request to set up a Bitcoin ATM, the following personal data will be collected: title, first name, last name, e-mail address, company, sector, position and website.

These personal data are required by us for the fulfillment of the contract and for the fulfillment of the legal requirements (Article 6 (1) (b) GDPR, Article 6 (1) (c) GDPR). The data is stored at least for the duration of a contract with Kurant, whereby in particular due to legal requirements (statutory retention requirements, limitation periods of potential legal claims) a longer period may also be provided for. Insofar as the storage of the data for the purposes of the original survey (or within the scope of a legally permissible change of purpose) is no longer required and no legal provisions are in conflict, we will arrange for the deletion of the same.

In addition, we process the date of the transaction, the transaction fee and the network fee (also required for contract fulfillment).

  • § 3 Data processing of children

There are no business relationships with children.

  • § 4 Rights of the data subject

An important concern of data protection law is to give you certain disposition possibilities about your personal data even after a data processing has already begun. For this purpose, there are a number of data subject rights, which we will comply with immediately upon request, but at the latest within one (1) month. To exercise your rights, please contact us via the following e-mail address: Specifically, the following rights are provided:

(a) If you exercise your ​right to information and no legal restrictions are in conflict, we will inform you comprehensively about our processing of your data. We will provide you with (i) copies of the data (e-mails, database extracts, etc.) as well as information on (ii) specifically processed data, (iii) processing purposes, (iv) categories of processed data, (v) recipients, (vi) the retention period or criteria for their determination, (vii) the source of the data and (viii) where applicable, further information depending on the individual case. Please note, however, that we can not provide documents that could affect the rights of others.

(b) With the right of rectification, you can request that we correct incorrectly recorded, incorrect or (for the respective processing purpose) incomplete data. Your request will then be reviewed and the data processing concerned may be restricted for the duration of the audit upon request.

(c) The ​right to (data) deletion may be exercised at any time by you (i) in the absence of any need for processing purposes, (ii) in the event of the revocation of any consent granted by you, (iii) in the event of special opposition, to the extent that the data processing concerned affects the legitimate interests of Kurant, (iv) in the event of unlawful data processing and (v) in the event of a legal cancellation obligation.

(d) An ​accompanying right to restriction, after the exercise of which data may only be stored, exists in special cases. In addition to the possibility of restricting the review period of data adjustments, (i) unlawful data processing (if no deletion is required) and (ii) the duration of the review of a particular request for opposition are included.

(e) In addition, you have a fundamental right to opposition to data processing any time. However, this only applies if the processing is based on the legitimate interests of Kurant.

(f) You can also exercise your ​right of appeal to the data protection office (see point 10).

Please note further that we may not be able to comply with your request due to compelling, legitimate reasons for the processing (balance of interests) or processing due to the assertion, exercise or defense of legal claims (on our part). The same applies in the case of excessive applications, whereby a fee may be charged here as well as in the processing of obvious unfounded requests.

  • § 5 Data security and data deletion

Kurant will take all appropriate technical and organizational measures to ensure that only personal data is processed by default, the processing of which is strictly necessary for the business purpose. The measures we have taken cover both the amount of data collected, the amount of work involved, and their retention and accessibility. We use these measures to ensure that personal data is made available to a limited and necessary number of people by default. Other persons will not be granted access to personal data under any circumstances without the express consent of the data subject. We also use various protection mechanisms (backups, encryption) to secure the Website and other systems. This is intended to best protect your (personal) data against loss or theft, destruction, unauthorized access, modification and dissemination.

In accordance with the provisions of the GDPR, all (personal) data collected by us via the Bitcoin ATM or the Website will only be stored for as long as they are required for the legal basis of processing, unless longer-term storage is provided for by law. We comply with our deletion obligation by means of our specific company-internal deletion concept, whereby we can give you more information on request.

All employees of Kurant have been sufficiently informed about all applicable data protection regulations, internal data protection regulations as well as data security precautions and are required to keep secret all information entrusted or made accessible to them in the course of their professional employment. The requirements of the GDPR are strictly adhered to and personal data are only made available to individual employees insofar as this is necessary with regard to the purpose of the data collection and our resulting obligations.

If a data processor is commissioned by us, these are also obligated to comply with all applicable data protection regulations due to specific framework agreements. In addition, when dealing with your (personal) data, they are strictly bound by our specifications, especially with regard to type and scope.

  • § 6 Data transmission

For the purposes explained in the context of this privacy policy, we will transfer your (personal) data to third parties, if necessary. This requirement occurs e.g. if you have decided on a verification at the Bitcoin ATM.

Within our organization, those entities or employees will receive your data for the fulfillment of their contractual or legal obligations and for data processing based on our legitimate interests.

  • § 7 Cookies

We use so-called cookies, small text files that are stored on your computer when you access our Website. They help us to make our offer more user-friendly, attractive and secure. The cookies are used together with the IP address exclusively for technical operation (eg login, load distribution at Cloudflare, storage of language presets) of the Website. In many cases, these are "session cookies" which are deleted without your intervention as soon as you end your current browser session. Other cookies (eg to save your language setting) remain for a longer period or until you remove them manually. Cookies do not contain any personal data.

Most browsers accept cookies automatically. However, you have the option to customize your browser settings so that cookies are generally denied or only allowed to certain types (e.g., restriction of denial to third-party cookies). However, if you change the cookie settings of your browser, our Website may no longer be fully operational. The setting options for the most popular browsers can be found under the following links:

Internet ExplorerTM:






  • § 8 Google Analytics

This Website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Use is made on the basis of Article 6 (1) (1) (f) GDPR. Google Analytics uses so-called "cookies", text files that are stored on your computer and that allow an analysis of the use of the Website by you. The information generated by the cookie about your use of the Website such as

  • browser type / version,
  • operating system used,
  • referrer URL (the previously visited page),
  • hostname of the accessing computer (IP address),
  • time of the server request

are usually on a server from Google in the US and stored there. The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google data. We have also extended Google Analytics on this Website for the code "anonymizeIP". This guarantees the masking of your IP address so that all data is collected anonymously. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there.

On behalf of the operator of this Website, Google will use this information to evaluate your use of the Website, to compile reports on Website activity and to provide other services related to Website usage and internet usage to the Website operator. You can prevent the storage of cookies by a corresponding setting of your browser software; however, we point out that in this case you may not be able to use all the functions of this Website to the full extent.

In addition, you may prevent the collection by Google of the data generated by the cookie and related to your use of the Website (including your IP address) as well as the processing of this data by Google by downloading the browser plug-in available under the following link and install it:

Alternatively, by clicking on this link (javascript: trackerOptout ()) you prevent Google Analytics from collecting data about you. By clicking on the link above you download an "opt-out cookie". Your browser must allow cookies to be stored. If you delete your cookies regularly, you will need to click on the link each time you visit this Website.

We continue to use Google Analytics to analyze data from Double-Click and AdWords for statistical purposes. If you do not want to do this, you can disable it through the Ads Preferences Manager (

For more information about privacy related to Google Analytics, see the Google Analytics Help Center (

  • § 9 Social Plugins

Our Website uses so-called social plugins ("plugins") from the social network Facebook.

Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("​Facebook"). An overview of the plugins of Facebook and their appearance can be found here:
For information on the collection of data by the provider as well as your related rights and settings options for protecting your privacy, please refer to the privacy policy of the provider.

Privacy policy of Facebook:

If you do not want Facebook to directly associate the data collected via our Website with your profile, you must log out of the corresponding service before activating the plugins.

Please note that Facebook participates in the EU-US Privacy Shield, which requires the company to abide by the agreement and to maintain a level of data protection consistent with European privacy standards. The EU-US Privacy Shield has been granted a level of data protection by adequacy decision of the European Commission; data transfers to certified companies in the third country USA are generally permitted. The Privacy Shield certifications can be viewed at

  • § 10 Right of appeal

If you believe that we violate applicable data protection laws when processing your data, you have the right to lodge a complaint with the Austrian Data Protection Authority (DPA). The requirements for such a complaint are based on § 24ff DS-AG. However, we ask you to contact us in advance in order to clarify any questions or problems. The contact details of the DPA are as follows:

Österreichische Datenschutzbehörde Wickenburggasse 8
1080 Vienna, Austria
Phone: +43 1 52 152-0


  • § 11 Contact for data protection questions, notifications, requests

For data protection questions, notifications or requests, please use the following contact address:

Kurant GmbH, Forchheimergasse 30A/4/5, 1230 Wien,