Verifeye Data Protection.

ID-Verification with Verifeye Online Video-Ident

Supplemental Privacy Notice:

You may rely on the protection and security of your personal data: Protecting your privacy when processing personal data is a core concern of ours. The following data protection information provides you with an overview of the processing of your data and the rights to which you are entitled to under data protection regulations when using the ID verification procedures at Cryptonow GmbH.

This Privacy Policy supplements the general Privacy Policy of Cryptonow GmbH.

1. Who is responsible for data processing and whom can I contact?

The Controller (i.e., responsible party for the processing of your data) is:
Cryptonow GmbH, Marc-Aurel-Str. 10–12, 1010 Vienna, Austria

You can reach our company data protection officer at:
E-Mail: [email protected]

2. What sources and data does Cryptonow GmbH use?

Within the framework of the ID verification process, we only process data that you provide to us or that the service provider sends to us.

Personal data processed by us as part of the ID verification process are:

FieldProvided by Verifeye
Client IDDefined by Verifeye
Customer IDDefined by Client
Unique Customer IDSession ID
Verification resultSuccessfull/Rejected/Flow incomplete
Mobile Number+49 175 123 456 78
Type of documentID Card/Passport
SalutationHerrn / Frau
Document NumberFrom ID Document
Given NameErika
Family NameMustermann
Maiden NameGabler
StreetMusterstraße
Number5
Postal Code60594
CityFrankfurt
CountryDeutschland
NationalityDeutsch
Date of Birth25.10.1985
Country of BirthDeutschland
Date of Issue27.12.2012
Date of Expiration26.12.2022
Issuing AuthoritiesStadt Frankfurt
SignatureFrom ID Document
Photo(s) of ID DocumentJPG/PNG
Photo (Selfie) of CustomerJPG/PNG
Live Photo of Customer made by the AgentJPG/PNG
Live Photo(s) of ID Document made by the AgentJPG/PNG
Video- + Audio-Recordings of callMP4
PDF with all data above except video-filePDF

Furthermore, the following audio/visual evidence is collected as part of the AML-compliant identification process:

  • Photo of yourself (selfie)

  • Photo of your identification document

  • Recording (audio/video) of the entire call

In addition, the so-called selfie-comparison takes place as part of the ID verification process. Based on the consent you have provided (see supplementary section 3.), a live image of your face is compared with the photo of your ID document. The matching increases fraud protection and effectively avoids identity deception when performing the ID verifications. This information is subject to increased protection as special categories of personal data within the meaning of Art. 9 of the GDPR. It is processed briefly by the service providers contracted by Cryptonow GmbH for the duration of the matching process. The data is not stored or transmitted to Cryptonow GmbH. Only a matching result score is stored, but this is not biometrical data.

3. For which purpose and on what legal basis does Cryptonow GmbH process your data?

We process personal data in accordance with the provisions of the European Data Protection Regulation (GDPR), and the German Federal Data Protection Act (BDSG) and other applicable legal regulations.

We process the data collected as part of the ID verification process to ensure secure and legally compliant identification of our customers. This includes the most effective possible avoidance of fraud and identity deception risks, as well as a verification process that documents this.

The ID verification process therefore consists of the following process steps:

  • Validation of the identity document (identity card or passport)

    The customer makes a picture of the front and back of his/her ID card or, alternatively, of the machine-readable page of his/her passport. The system reads the information from the MRZ (Machine Readable Zone) of the ID document and performs automated calculations of the check digits contained in the MRZ as well as cross-comparisons of the information contained with the information in the field view of the ID document. Video identification with unsuitable ID documents are thus ruled out at an early stage.

  • Selfie-Comparison

    After validation of the ID document, the customer is asked to take a selfie. Based on facial biometric features, the selfie is compared with the ID photo. This also serves to effectively reduce fraud risks.

  • Video-call with a verification agent

    In the actual video identification call, the customer is transferred to a call center agent. The video identification call takes place in real time, without interruptions. The video calls are protected by end-to-end encryption.

  • OTP (One Time Password) in the form of an mTAN

    At the last stage of the video call, the video agent sends an OTP in the form of an mTAN to the customer’s mobile phone number. The customer must enter this mTAN to complete the identification process. This serves to further secure the identification process in terms of two-factor authentication.

The identification of your person and the processing of your personal data is necessary in order to enter into and execute the corresponding contractual relationship with you. We thus fulfill our identification obligations under money laundering laws and contribute to the effective combating of abuse and the provision of evidence. The basis for the processing of your personal data is accordingly Art. 6 Abs. 1 lit. b) GDPR (pre-contractual measures and contract performance), Art. 6 Abs. 1 lit. c) GDPR (fulfillment of legal obligations under the Money Laundering Act) and Art. 6 Abs. 1 lit. f) GDPR (legitimate interests).

The processing of biometric data in the context of the presented selfie matching is exclusively based on your voluntarily given consent according to Art. 6 Paragraph. 1 lit. a, Art. 9 Paragraph. 2 lit. a GDPR.

4. Who receives my Data?

Cryptonow GmbH uses external service providers to perform the ID verification. The service providers used are contractually obligated as processors pursuant to Art. 28 GDPR and are subject to the instructions of Cryptonow GmbH. The exchange of personal data between the service provider and Cryptonow GmbH is closely aligned with the purpose of the order.

We may only pass on information about you to third parties if this is required by law, you have given your consent, or we are authorized to provide information. Under these conditions, recipients of personal data can be, for example: Government institutions (i.e. Legal, tax authorities, investigating authorities) if there is a legal or official obligation.

With regard to the necessary and permissible transfer of data to recipients outside the company, we observe the applicable data protection regulations.

5. Is data transferred to a third country or to an international organization?

No data is transferred to countries outside the European Union (so-called third countries).

6. How long will my data be stored?

The service provider shall keep the data collected as part of the ID verification process for a period of 7 days in order to ensure contractual verification and inspection obligations. This applies both in the case of an aborted identification and in the case of a successfully completed identification.

Biometrical data is not processed by the service provider beyond the selfie matching process. They are neither stored nor transmitted to Cryptonow GmbH. Only the matching result, which does not represent biometrical data, is stored for 7 days.

As Cryptonow GmbH, we retain the data collected by the service provider used and forwarded to us for 10 years after the end of the business relationship or for 10 years after the complete settlement of the transaction, as required.

7. How is the security of my data guaranteed?

The security of the collected data is ensured by a wide-range of measures (i.e. protective measures that prevent unauthorized access to the premises where the video ID process is carried out (access control systems, alarm systems; burglar-proof measures, password security, etc; measures against destruction and loss (data backup procedures, virus protection, emergency plans, fire and extinguishing protection, etc.) and securing of communication lines through state-of-the-art encryption).

8. What data protection rights do I have?

You are entitled to the following rights according to Art. 15 to Art. 22 of the GDPR provided that all legal requirements are met:

  • Right of access according to Art. 15 GDPR, i.e. the right to obtain confirmation from us to whether personal data about you is being processed and, if so, to obtain information about this data and further information;

  • Right to Rectification according to Art. 16 of the GDPR, insofar as personal data concerning you is inaccurate;

  • Right to Erasure according to Art. 17 of the GDPR, for example, if the personal data are no longer necessary for the purposes for which they were processed;

  • Right to Restriction of Processing according to Art. 18 of the GDPR;

and

With regard to the right to information and the right of erasure, the restrictions pursuant to Sections 34 and 35 BDSG.

In addition, there is a right to lodge a complaint with the Data Protection Supervisory Authority (Art. 77 GDPR).

9. Right to withdraw your consent

You may freely withdraw your consent to data processing at any time. However, this does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal. If you withdraw consent or effectively object to further processing based on your consent, we will no longer process the data for these purposes.

10. Information about your right to object

You have the right to object any time to the processing of your personal data, which is carried out on the basis of a balance of interests (Art. 6 Par. 1 Subsection . 1 lit. f GDPR), insofar as reasons arise from your particular situation that speak against this data processing. This also applies to any automated case-by-case decision-making that may be used (Art. 22 GDPR). If you object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms. Further reasons are the assertion, exercise or defense of legal claims.

© Copyright 2026 Cryptonow GmbH. All Rights Reserved.

Cryptonow GmbH, Marc-Aurel-Straße 10-12/15a, 1010 Vienna, Austria, provides the regulated service of exchanging crypto-assets for other crypto-assets and/or fiat currency as the principal counterparty to the client.

Cryptonow GmbH is licensed as a Crypto-Asset Service Provider (CASP) under Austrian law. Trading in crypto-assets involves substantial risk and may not be suitable for all investors. Prior to engaging in any transaction, investors should carefully assess their investment objectives, level of experience, and risk tolerance. The value of crypto-assets is highly volatile and may result in significant losses within a short period. Each crypto-asset possesses distinct characteristics, and investors should undertake thorough research and ensure they fully understand an asset before engaging in any trade. Past performance is not a reliable indicator of future results. This content qualifies as a marketing communication within the meaning of the Markets in Crypto-Assets Regulation (MiCAR), does not constitute an investment recommendation or financial advice, and investors must ensure they understand all associated risks, including the potential loss of the entire invested capital. Funds should not be invested if their loss cannot be financially sustained.