Privacy Policy

Responsible handling of your personal data is of utmost importance to Phlint Kapstead. We process information transparently, for defined purposes and in compliance with applicable law – in particular the GDPR. In this policy we explain which data we collect, why we use it, how long we store it and how we protect it.

1. Controller

The controller responsible for your personal data within the meaning of the GDPR is the operator of the Phlint Kapstead website and platform. Relevant contact details and further information can be found in the imprint of this site. For data protection questions you can contact our data protection officer.

2. Collected data

We collect and process only the data that is necessary to provide our services, to fulfil legal obligations and to ensure the secure operation of the platform. These include in particular:

  • Identity data: first and last name, date of birth (for age and identity verification).
  • Contact details: email address, phone number (optional), country of residence and, if applicable, address.
  • Account and transaction information: payment details, deposits and withdrawals, transaction history.
  • Technical and usage data: IP address, browser type, device information, access times, log data.
  • Verification documents: identity documents, proof of address or other documents for KYC/AML checks (only if legally required).

Special categories of personal data (e.g. health data or religious beliefs) are generally not collected unless this is explicitly required by law or made with your express consent.

3. Collection methods

Your data is collected through various secure channels:

  • Directly from you: for example during registration, maintaining your profile, submitting verification documents or using the contact form.
  • Automatically: e.g. via cookies, server log files, analytics tools and device information during use of the platform.
  • Via third parties: such as payment providers (for deposits and withdrawals), identity verification services (KYC/AML) or – with your consent – social login services.

4. Purposes of processing

We process your personal data only for clear and legitimate purposes:

  • Setting up, managing and providing your user account and platform features.
  • Executing and securing payment processes (deposits and withdrawals).
  • Personal customer support and handling your requests.
  • Compliance with legal and regulatory obligations (e.g. KYC, AML and tax requirements).
  • Ensuring IT security and protection against fraud, abuse and attacks.
  • Optimising the user experience and further developing the platform.
  • Marketing and informational purposes – only on the basis of your express consent.

5. Legal bases for processing

  • Performance of a contract or pre‑contractual measures (Art. 6(1)(b) GDPR).
  • Compliance with legal obligations (Art. 6(1)(c) GDPR), e.g. in relation to anti‑money laundering.
  • Pursuit of legitimate interests (Art. 6(1)(f) GDPR), e.g. to ensure the platform's stability and security.
  • Your explicit consent (Art. 6(1)(a) GDPR), for example for marketing or optional additional features.

6. Data sharing

Your data is only shared when necessary and exclusively with carefully selected partners:

  • Payment service providers and banks for processing deposits and withdrawals.
  • Specialised service providers for carrying out KYC/AML checks.
  • IT and cloud providers with whom we have entered into appropriate data processing agreements.
  • Analytics and security tools that – where possible – work with anonymised or pseudonymised data.
  • External advisors (e.g. lawyers, tax advisors) within the scope of legal obligations.
  • Authorities or courts when there is a legal obligation or rights must be enforced.

Your personal data will not be transferred or sold to third parties for commercial purposes.

7. International data transfers

In some cases we use providers (e.g. cloud or analytics services) outside the European Economic Area. In such cases we implement appropriate safeguards such as EU standard contractual clauses, binding corporate rules or adequacy decisions by the European Commission to ensure an adequate level of data protection.

8. Data security

To protect your data we take extensive technical and organisational measures:

  • Encrypted data transmission using current protocols (e.g. TLS 1.3+).
  • Strong encryption of sensitive data at rest (e.g. AES‑256).
  • Regular security audits, penetration tests and reviews by independent specialists.
  • Continuous monitoring of systems for suspicious activity and attack attempts.
  • Strict access restrictions and role‑based permissions within the team.
  • Holding customer funds in segregated accounts at regulated partner institutions.

Absolute protection against all risks cannot be guaranteed technically, but we reduce such risks to a very low level with our measures.

9. Retention period

We store your data only as long as it is necessary for the stated purposes or legally required:

  • For the duration of the active use of your account and the contractual relationship.
  • After account closure for the legally required period (e.g. 5–10 years for tax and regulatory purposes).
  • For consent-based processing (e.g. marketing) until you withdraw your consent.

When data is no longer needed we delete it securely or anonymise it.

10. Your rights as a data subject

You have extensive rights regarding your personal data. In particular, you may:

  • Request information about which data we hold about you.
  • Request correction of inaccurate or completion of incomplete data.
  • Request deletion of your data, provided no statutory retention obligations apply.
  • Request restriction of processing in certain cases.
  • Receive your data in a structured, common and machine‑readable format (data portability).
  • Withdraw consents granted at any time with effect for the future.
  • Lodge a complaint with a competent data protection supervisory authority.

11. Cookies and similar technologies

We use cookies and similar technologies to ensure platform functionality, analyse usage and optimise the experience. Essential cookies are always active, while analytical and marketing cookies require your prior consent. Further details can be found in our cookie policy.

12. Changes to this privacy policy

We may update this policy from time to time – for example due to legal changes, regulatory requirements or new features. The updated version is always available on the website. We will inform you about relevant changes by email or directly on the platform.

13. Contact for data protection matters

If you have questions about data protection, this policy or exercising your rights, contact us by email at [email protected] or via the site's contact form. Our data protection officer will review your request and respond in a timely manner.

visa mastercard paypal ssl security

By using Phlint Kapstead you confirm that you have read this privacy policy and accept its contents.

Thank you for your trust. Protecting your data and your privacy is and will remain a central priority for us.

Pagina Principale ¿Por qué empezar a invertir? ¿Cómo comenzar a invertir? ¿Quién está detrás de Phlint Kapstead? Riesgos asociados a la inversión Ventajas FAQ Contact Pravila privatnosti Terms and conditions