Privacy Notice
Privacy Notice for Clients – AMINA (Austria) AG, Version 1.0, 1 November 2025
Table of Contents
General remarks – About AMINA (Austria) AG
1. Scope of this Privacy Notice
2. Collection of Personal Data / Data Controller
3. Legal basis and purposes for processing your Personal Data
3.1. Legal Basis and Purposes for processing your Personal Data
4. Access to your Personal Data
4.1 Sharing your Personal Data within AMINA Group
4.2 Sharing your Personal Data outside AMINA Group
6. Storage of your Personal Data
7. Your data protection rights and how you can exercise them
8. Changes to your Personal Data
General remarks – About AMINA (Austria) AG
AMINA (Austria) AG (“AMINA”, “we”, “our”, or “us”) is an Austrian stock company established under the laws of Austria and registered in the commercial register of the Regional Court of Feldkirch under FN 631729 p.
AMINA has been authorized by the Austrian Financial Market Authority (“FMA”) as a Crypto Assets Service Provider (“CASP”) pursuant to the EU Regulation on Markets in Crypto Assets 2023/1114/EU (“MiCAR”) and as such AMINA (Austria) AG is supervised by the FMA.
AMINA may offer the following services (“Services”):
- providing custody and administration of crypto-assets on behalf of clients (Custody Service),
- exchange of crypto-assets for funds and exchange of crypto-assets for other crypto-assets (Dealer Service),
- providing portfolio management on crypto-assets; and
- providing transfer services for crypto-assets on behalf of clients (Transfer Service, together with the Custody Service and the Dealer Service the Core Services).
The list of the offered Services might be extended in the future pursuant to further approvals and authorisations from the FMA or other regulators. This Notice might be updated upon those further approvals and authorisations. Further information can be found under point 9.
AMINA collects and processes information about individuals (“Personal Data”, Art. 4 (2) of the GDPR), including information about our prospective, current and former clients (“you”).
This Notice aims to transparently inform you about:
- why and how we collect, use and store your Personal Data;
- the legal basis for the use of your Personal Data; and
- what your rights are in relation to such processing and how you can exercise them.
It serves information purposes only and does not establish any rights of duties.
1. Scope of this Privacy Notice
This Notice applies to Personal Data processing in any and all forms of use, collection, storage, alteration, disclosure or deletion (“processing”) by us in the European Economic Area (“EEA”) whereas you are a former, current or prospective client of us.
2. Collection of Personal Data / Data Controller
According to Art. 13 of the GDPR, we hereby inform you about the processing of your personal data.
Any Personal Data provided to or collected by us will be processed by us in our capacity as a controller or by our subcontractors and service providers in their capacity as processors in accordance with this Privacy Notice.
When interacting with AMINA or using AMINA’s services, the following Personal Data might be processed (to the extent permitted by applicable law):
- Personal Identification (and verification):
Personal identification details (e.g., name, address/domicile, date of birth, gender, nationality), contact information (e.g., telephone number, e-mail address) and respective verification data such as screenshots/photos of national identity documents (e.g., passport, ID card, driver’s license), data from these documents (e.g. passport number), utility bill for residence verification, biometric data (e.g. fingerprint for log-in into our applications), as well as electronic identification data (e.g. IP addresses, cookies, traffic data, digital ledger addresses);
- Employment / Occupation (where relevant), such as your employer, job title, place of work;
- Data received in the context of performing Services for you, e.g., bank details (IBAN, BIC), payment details, account positions and crypto-asset transactions, power of attorneys;
- Financial data:
- payment and transaction records and information relating to your assets, financial statements, liabilities, revenues, earnings and investments (including your investment objectives in case of portfolio management on crypto assets) and financial data for facilitation of transactions,
- tax information, such as tax domicile and other tax-related documents and information (tax identification number),
- detail to and proof of funds, e.g., banking statements or any other details provided by banks or financial institutions, contracts, information related to company ownership and financial background or any other data provided to determine to origin of funds.
- your knowledge of and experience in crypto investment matters;
- details of our interactions with you (e.g. communications with you such as letters, telephone calls records, e-mails) and the products and services you use, including electronic interactions across various channels such as e-mails and mobile applications;
- identifiers we assign to you, such as your client, business relation, partner or account number, including identifiers for accounting purposes;
3. Legal basis and purposes for processing your Personal Data
3.1. Legal Basis and Purposes for processing your Personal Data
Processing your Personal Data is performed in conformity with the provisions of the EU GDPR and the Austrian Data Protection Act (“DSG”).
We always process your Personal Data for a specific purpose and only process the Personal Data which is relevant to achieve that purpose. We process Personal Data, within applicable legal limitations, for the following purposes
a) as part of your consent (Article 6(1)(a) GDPR)
If you have granted us consent to process your Personal Data, processing will only take place in accordance with the respective purposes set out in the declaration of consent and to the extent agreed therein. Any consent given may be revoked at any time with future effect (for example, you may object to the processing of your Personal Data for marketing and advertising purposes if you no longer consent to processing in the future), without affecting the lawfulness of processing based on consent before its withdrawal.
The provision of your data subject to a consent is not required by law or contract and is not necessary for the conclusion of a contract. You are not obliged to provide such data. If you do not provide us with such data, we cannot perform the processing of your data we needed consent for.
b) to fulfill contractual obligations (Article 6(1)(b) GDPR)
The processing of Personal Data is carried out for the provision and arrangement of Services, in particular for the execution of our contracts with you and the execution of your orders and all activities required for the operation and management of a CASP.
In the context of the business relationship, you must provide Personal Data necessary to establish and maintain the business relationship, as well as the information we are legally required to collect. If you do not provide us with this data, we will usually have to refuse to conclude the contract or execute the order or will no longer be able to fulfil an existing contract and consequently have to terminate it.
c) to fulfill legal obligations (Article 6(1)(c) GDPR)
Processing of personal data may be necessary for the purpose of fulfilling various legal obligations in line with AMINA (Austria) AG existing CASP authorization and supervisions such as from the Financial Market-Money Laundering Act (FM-GwG [Finanzmarkt-Geldwäschegesetz]), Sanctions Law (SanktG [Sanktionengesetz 2010]), tax regulations (e.g. in Austria / Europe), as well as regulatory requirements (such as of the European Securities and Markets Authority, the Austrian Financial Market Authority, etc.).
Forthcoming registrations and requirements to which AMINA (Austria) AG might be subject to, may trigger processing of personal data to fulfill additional legal obligations, such as from the Markets in Crypto Asset Regulation (MiCAR), national implementation act of MiCAR in Austria, etc.
Examples of processing of personal data to fulfill legal obligations are:
- Identity verification, Know Your Customer process, monitoring of financial transactions, suspicious activity reports;
- Conducting sanctions audits;
- Compliance with sanctioning rules (data processing to avoid insider-trading, conflicts of interest and market manipulation, disclosure to the FMA according to the Securities Supervision Act and The Stock Exchange Act e.g. to monitor compliance with the provisions on market abuse of insider information);
- Provision of information to public prosecutors, courts and to financial criminal authorities in the context of financial criminal proceedings for an intentional financial offence;
- Risk management and due diligence;
- Detection of unauthorisied, fraudaulent or suspicious financial transactions (§ 16 Financial Market-Money Laundering Act)
- Accounting, Controlling and Compliance with tax regulations (e.g. Income Tax Law)
- Disclosure of information on the identity of shareholders (§ 10a Aktiengesetz [Securities Act]).
d) based on legitimate interests (Article 6(1)(f) GDPR)
If necessary, within the framework of balancing of interests of AMINA or a third party, data may be processed beyond the actual fulfilment of the contract, in order to safeguard legitimate interests.
In the following cases (illustrative list), data are processed to safeguard legitimate interests:
- Assessment and optimization of methods and models, analysing of needs and business control, product development and customer contact;
- Advertising or market and opinion research, provided that you have not objected to the use of your data in accordance with Art 21 (2) GDPR;
- Video surveillance for the collection of evidence in the case of criminal offences or for the proof of dispositions and deposits; these especially serve to protect the customers and employees;
- Telephone records (e.g. in case of complaints);
- Writing speed, pressure strength curve when using the sign pad to make signatures forgery-proof;
- Process management and quality management, e.g. recording of phone calls for purposes of professional training and quality assurance purposes;
- Measures for protecting employees and customers and the property of AMINA;
- Measures for the prevention and combating of fraud (Fraud Transaction Monitoring);
- Establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity;
- to enable a transfer, merger or disposal to a potential buyer, transferee, merger partner or seller and their advisers in connection with an actual or potential transfer, merger or disposal of part or all of AMINA’s business or assets, or any associated rights or interests, or to acquire a business or enter into a merger with it.
In the context of the business relationship, you must provide Personal Data necessary to establish and maintain the business relationship, as well as the information we are legally required to collect. If you do not provide us with this data, we will usually have to refuse to conclude the contract or execute the order or will no longer be able to fulfil an existing contract and consequently have to terminate it.
3.2. Additional remarks
To the extent that we process any special categories of data relating to you, we will do so because:
- the processing is necessary for the establishment, exercise or defense of a legal claim;
- the processing is necessary for reasons of substantial public interest on the basis of Union or EU Member State law;
- the processing relates to personal data which are manifestly made public by you; or
- you have given your explicit consent to us to process that information (where legally permissible).
We set out in the table below, a description of the ways in which we use your Personal Data and the legal bases we rely on to do so. Where appropriate, we have also identified our legitimate interests in processing your Personal Data.
4. Access to your Personal Data
4.1 Sharing your Personal Data within AMINA Group
Your Personal Data is received by those offices or employees of AMINA and AMINA-Affiliates[1] that need it for fulfilling contractual, legal and regulatory duties and for legitimate interests.
We usually share Personal Data with other AMINA-Affiliates to ensure a consistently high service standard across our group, and to provide services and products to you (e.g. if you are a client not only of AMINA but also of other AMINA-Affiliates). Other AMINA-Affiliates may process your Personal Data on behalf and upon request of AMINA. Examples of AMINA-Affiliates who receive your Personal Data may be for risk management, technological support services, relationship management and reporting.
4.2 Sharing your Personal Data outside AMINA Group
Outside AMINA Group, auditors, lawyers, tax consultants, trustees, insurers and payment services, other service providers (IT-services, such as cloud services), among others, will receive your data if it is necessary to fulfil their duties. Furthermore, data processing companies commissioned by us (especially IT service providers, back-office service providers and service line) receive your data if they need them for fulfilling their respective service. These processors or their sub-processors may be in third countries. The transfer of your data to these third countries takes place either based on an adequacy decision of the European Commission or the application of EU standard data protection clauses (“SCC”) and additional safeguards, where necessary. A copy of the SCC will be provided to Clients on request at dataprotection-eu@ aminagroup.com. Accordingly, all the data processing companies are contractually obligated to keep your data confidential and to process it only in the context of service provision.
For instance, the following entities are third parties that may receive your Personal Data: clearing houses and clearing or settlement systems and specialised payment companies or institutions such as SWIFT, payment recipients, beneficiaries, account nominees, intermediaries, correspondent and agent banks (including custodian banks).
The public authorities and institutions (such as European regulators, FMA, tax authorities, etc.) can be recipients of your personal data if there is a legal or regulatory obligation.
With regard to the disclosure of data to other third parties, we would like to point out that AMINA, as a CASP authorized and FMA supervised legal entity, is obliged to maintain confidentiality about all customer-related information and facts that have been entrusted to us or made accessible to us as a result of the business relationship. In this context, recipients of Personal Data can be credit and financial institutions or similar institutions to which we send the data in order to maintain the business relationship with you (depending on the contract this can be for example, correspondent banks, exchanges, custodian banks, credit service agencies etc.).
AMINA and/or AMINA Affiliates might be obliged under certain circumstances to provide information regarding the applicable legal framework on the prevention of money laundering and the prevention of terrorism financing; or in case of criminal proceedings based on a court order. As such under certain circumstances compliant with data privacy and requirements such as money laundering and terrorism prevention provisions, AMINA (Austria) AG and/or we may transfer your Personal Data within and outside the AMINA Group as outlined in this Section.
For example, the following public or regulatory authorities may receive your Personal Data:
- the FMA;
- tax offices;
- the Austrian Data Protection Authority.
We may also share your Personal Data in case of a potential buyer, transferee, merger partner or seller and their advisers in connection with an actual or potential transfer or merger of part or all of AMINA’s business or assets, or any associated rights or interests, or to acquire a business or enter into a merger with it; and in case of any legitimate recipient required by applicable laws or regulations.
5. Cookies
Our website uses cookies. Cookies are intended to enable use of the website and/or to personalize the website for your visit and to improve the use of the website. Cookies are small text files that the website transmits to the cookie file of the internet browser on your device and stores it there for later retrieval so that you are recognized when the website is re-visited. A cookie typically includes the name of the domain from which the cookie originates, the “lifetime” of the cookie, and a unique identifier.
Our website uses the cookie of Google Analytics which collects information and reports website usage statistics without personally identifying individual visitors to Google. Click “Accept all” in our cookie pop-up to consent to the use of statistic cookies. You can also decide not to provide AMINA with this information if you wish, with no impact on your experience of the website. To opt out of being tracked by Google Analytics, you just need to click “Decline all” or specifically decline the marketing cookies. The information generated by the cookie about your use of our website is normally transferred to a server of Google in the USA and saved there. Google may also transfer this information to third parties insofar as this is a legal requirement or if third parties are commissioned to process this data on Google’s behalf (see Google’s Privacy Policy at https://policies.google.com/privacy). Please note that Google and these third parties may be based in jurisdictions which do not offer the same level of data protection as Switzerland or the EEA.
We use the following types of cookies:
- Session Cookies: Temporary cookies that remain in the cookie file of the browser until you leave the website. Session cookies are required for you to use the website and, if necessary, to register or interact with it. Session cookies are deleted at the end of the browser session.
- Persistent Cookies: Persistent cookies remain in the cookie file of the browser for a longer period. The duration depends on the lifetime of the cookie. Persistent cookies allow the website to remember the choices you made (e.g., user’s registration data, the language selected, or the region in which you are located).
- Web Beacons: Web Beacons are electronic signs (also called “Clear GIFs” or “Web Bugs”) that allow AMINA to count the number of users who have visited the site.
If you do not want to accept cookies or web beacons, you can refuse them via our cookie pop-up and deny access to previously stored information by setting your internet browser accordingly. The settings within the browser that allow you to do so vary from browser to browser.
If AMINA uses cookies that are not essential (i.e., technically necessary to provide our services to you) and thereby collects and processes your personal data, the legal basis for this is your consent according to Article 6(1)(a) GDPR. For more information on the specific cookies, please refer to the cookie pop-up on our website.
6. Storage of your Personal Data
We will keep your Personal Data as far as it is necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory, or internal policy requirements.
We process your Personal Data for the duration of the entire business relationship (from the initiation, performance until the termination of a contract) and furthermore, we process it according to the legal safekeeping and documentation obligations resulting from the applicable law, such as from § 21 FM-GwG. In line with AMINA registration and supervision, AMINA may be required in the future to process and store your Personal Data according to the Austrian Commercial Code (§ 212 UGB), the Federal Fiscal Code (§ 132 BAO), inter alia. In general, the records retention periods prescribed there in range from 2 to 10 years.
We may store your Personal Data for the purposes of evidence with the scope of statues of limitations. Under the Austrian Civil Code (Allgemeines Bürgerliches Gesetzbuch) the regular limitation period is 3 years but may be up to 30 years.
Once our relationship with you has ended (for example, after your account has been closed or following a transaction such as a payment, your application for a product is refused, or you decide not to go ahead with an instruction), we will only keep your Personal Data for a period that is appropriate, which in many cases is up to 10 years after your account closes or following a transaction such as a payment. Copies of documents and information received that are necessary for the fulfillment of customer due diligence obligations, including electronic means for identity verification and relevant trust services as well as other secure procedures for remote or electronic identification, shall be retained for a period of ten years after the termination of the business relationship with the customer or after the date of an occasional transaction in accordance with § 21 (1) (1) FM-GwG. Transaction documents and records that are required for the identification of transactions shall be retained for a period of ten years after the termination of the business relationship with the customer or after an occasional transaction in accordance with § 21 (1) (2) FM-GwG.
We will keep your Personal Data after this time if there are existing claims or complaints that will reasonably require us to keep your information, or for regulatory reasons according to Art 6 (1) (f) GDPR for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
7. Your data protection rights and how you can exercise them
You have the right to obtain information as to whether or not your personal data is being processed, in the affirmative to obtain information on such data and further information on such data as specified by law (Art 15 GDPR). You have the right to complete incomplete data and the right to have inaccurate data corrected (Art 16 GDPR). Under certain conditions, you have the right to have your data deleted (Art 17 GDPR). However, there is no right to erasure if the processing is necessary for compliance with a legal obligation or for the assertion, exercise or defence of legal claims. Under certain conditions, you may also request that the use of your data be restricted (Art 18 GDPR) or object to the use of your data (Art 21 GDPR). You have the right to receive the data you have provided in a structured, common and machine-readable format and to have the data transferred to another controller or – if technically feasible – to have it transferred directly by AMINA (Austria) AG (Art 20 GDPR). If your data is processed on the basis of your consent, you have the right to revoke this consent at any time. The lawfulness of the data processing carried out until the revocation is not affected by the revocation.
If you believe that the processing of your personal data has not been carried out lawfully, please contact us by mail or e-mail (see contact details below) so that we can learn of your concerns and respond to them.
Controller:
AMINA (Austria) AG
Seestrasse 6/13, 6900 Bregenz, Austria
E-Mail: [email protected]
To exercise your rights, please contact:
The Data Protection Officer (“DPO”) and representative in the EU at AMINA (Austria) AG:
AMINA (Austria) AG
DPO
Seestrasse 6/13, 6900 Bregenz, Austria
E-Mail: [email protected]
If you are not satisfied with AMINA’ response, you have the right to make a complaint to the Data Protection Authority in the jurisdiction where you live or work, or in the place where you think an issue in relation to your data has arisen. The contact details of each Data Protection Authority can be found at the following website: https://edpb.europa.eu/about-edpb/board/members_en
You can also submit complaints to the Austrian Data Protection Authority:
Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Wien
8. Changes to your Personal Data
If your Personal Data changes, please inform us of the change as soon as possible.
9. Updates to this Notice
This Notice was issued on November 1, 2025. Any amendment or update to this Notice we will make available to you here: eu.aminagroup.com/pricacy-data-protection. Please visit the AMINA website frequently to understand the current Notice, as the terms of this Notice are closely related to you. If we have a relationship with you, we will also inform you of any changes by e-mail or by using other communication channels agreed with you (e.g. letters, AMINA app etc).
Version: November 1, 2025
[1] “AMINA-Affiliate” means an entity that directly or indirectly (i) controls AMINA, or (ii) is controlled by AMINA, or (iii) is under common control with AMINA. In this context an entity is deemed to “control” if it holds the direct or indirect ownership of at least 50% of the outstanding equity of the controlled entity and/or has the right, either directly or indirectly, to appoint a majority of the members of the Executive Board or Board of Directors.
Cross-border Services Restrictions
Disclaimer – Important Information
This website (eu.aminagroup.com) including subpages and the information contained herein (hereinafter the “Website”) are intended solely for persons located within Austria, Denmark, Estonia, France, Germany, Ireland, Italy, Liechtenstein, Luxembourg, Malta, Netherlands, Poland, Portugal, Spain (hereinafter together “Relevant Countries”).
The crypto-asset services described on this Website are provided by AMINA (Austria) AG (hereinafter “AMINA EU”), a crypto-asset service provider (CASP) duly authorized in Austria under Regulation (EU) 2023/1114 (MiCA). These services are not directed at, and may not be offered to, persons outside Relevant Countries.
Nothing on this Website constitutes an offer to sell or a solicitation to purchase crypto-assets in any jurisdiction outside Relevant Countries. AMINA EU assumes no responsibility or liability for access to, or use of, the information contained herein by persons from jurisdictions where such access or use would be unlawful.
By clicking “Continue” below, you confirm that you are either a resident of, and located in Relevant Countries, and/or that you access this Website at your own initiative and risk, and without active promotion or solicitation from AMINA EU.
If you do not wish to visit the Website, please click “Exit Website”.