Privacy Policy

Crypto Recovers / Cryptorecovers / Cryptorecovers.com

(Legal tax name: Bink Online)

Controller:

Crypto Recovers (Bink Online)

Louis Braillelaan 80 (Unit 1125), 2719 EK Zoetermeer, The Netherlands

Email: support@cryptorecovers.com | Phone: +31 (0)85 109 1211

Last updated: 4 September 2025

We are committed to protecting your privacy and ensuring your personal data is handled lawfully, transparently, and securely. This Privacy Policy explains how we collect, process, and protect personal data in accordance with:

  • The EU General Data Protection Regulation (GDPR)
  • The Dutch Data Protection Act (UAVG)

1. Categories of Personal Data We Process

Depending on how you use our services, we may process:

  • Identification and contact data: name, address, phone number, email
  • Communication data: emails, WhatsApp messages, contact forms, phone calls
  • Account and access data: usernames, encrypted/hashed passwords, login credentials
  • Wallet recovery data: information you provide to enable recovery services (such as recovery details or files). This data is processed solely to complete the requested recovery, is never retained longer than necessary, and is securely deleted after use in accordance with industry best practices
  • Technical and usage data: IP address, browser type, device info, operating system, logs, website activity, cookies/analytics
  • Financial data: invoicing details, payment confirmations, tax records
  • Verification data: identity documents provided via Stripe Identity, BoldSign, or similar providers

We do not intentionally process sensitive categories of personal data unless required for verification or compliance.

2. Data Subjects

  • Website visitors and online service users
  • Prospective customers
  • Clients and contractual partners
  • Communication partners (e.g., email or WhatsApp contacts)

3. Purposes and Legal Bases of Processing

Purpose Data Processed Legal Basis
Service delivery & recovery Identification, contact, wallet recovery, access data Art. 6(1)(b) GDPR (contract)
Payments & invoicing Financial data, contact data Art. 6(1)(b) GDPR (contract), Art. 6(1)(c) GDPR (legal obligation)
Security & fraud prevention (logs, DDoS protection) IP, device info, logs Art. 6(1)(f) GDPR (legitimate interests)
Identity verification (where required) ID documents, verification data Art. 6(1)(c) GDPR (legal obligation), Art. 6(1)(b) GDPR (contract)
Marketing (newsletter, e-books) Email address, preferences Art. 6(1)(a) GDPR (consent)
Analytics & service improvement Technical data, cookies Art. 6(1)(a) GDPR (consent in EU/EEA), Art. 6(1)(f) GDPR (legitimate interests outside consent jurisdictions)

4. Data Retention

  • Wallet recovery data & temporary credentials: deleted immediately after recovery completion. Encrypted backups may contain residual fragments of this data for up to 30 days, after which they are automatically purged. Backup data is encrypted, access-restricted, and never used for any processing.
  • Account data: deleted within 12 months after termination
  • Communication records: retained up to 12 months after service completion, unless longer retention is required for fraud prevention, dispute resolution, or tax law
  • Invoices & payment data: 7 years (tax law)
  • Analytics data: 26 months (Google Analytics default)
  • Server logs: up to 90 days, unless required longer for security or legal reasons

If deletion is not possible due to legal obligations or claims, data will be restricted (storage-only).

5. Data Sharing and Recipients

We never sell personal data. Data is disclosed only when:

  • Necessary to provide our services
  • Required by law
  • Processed by providers under binding Data Processing Agreements

Sub-processors / service providers include:

  • Hosting & infrastructure: Kinsta, Cloudflare (CDN)
  • Analytics: Google Analytics (IP anonymization enabled, consent-based in EU)
  • Email & collaboration: Versio, Hetzner (EU data center settings where available)
  • Payments: Stripe (EU/US), PayPal (if used)
  • ID verification & e-signatures: BoldSign, Stripe Identity

A current list of sub-processors is available on request via support@cryptorecovers.com.

6. International Data Transfers

Where providers are located outside the European Economic Area (EEA), we ensure lawful safeguards:

  • Adequacy decisions by the European Commission (e.g., EU-US Data Privacy Framework)
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Supplementary measures (e.g., encryption, access restrictions, transfer risk assessments)

7. Cookies & Tracking Technologies

  • Essential cookies: required for website functionality
  • Analytics cookies: Google Analytics with IP anonymization, only activated after consent in EU/EEA
  • Retention: up to 26 months

We do not place non-essential cookies or allow third-party tracking (e.g., YouTube, Maps, LinkedIn) until you provide consent through our cookie banner, in jurisdictions where consent is required.

Opt-out options: Your Online Choices | About Ads Choices

8. Social Media & Third-Party Content

If you contact us via WhatsApp, LinkedIn, or other platforms, your data is also processed under their terms.

Embedded content (e.g., YouTube, Google Maps) requires your IP to be shared with the provider. Third-party providers may set cookies or tracking elements only after you give consent (where required by law).

9. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or significant effects.

10. Your Rights

Under GDPR, you may:

  • Access, correct, or delete your data
  • Restrict or object to processing
  • Request data portability
  • Withdraw consent at any time
  • Lodge a complaint with your supervisory authority

Requests: support@cryptorecovers.com

Identity verification may be required. Authorized agents may act on your behalf with signed permission.

11. Children’s Privacy

Our services are not directed to children under 18 (or higher local thresholds). We do not knowingly collect data from children. If you believe a child has provided us with data, contact us for deletion.

12. Security Measures

We use technical and organizational safeguards, including:

  • Encryption – TLS in transit and encryption at rest (where supported).
  • Secure deletion of recovery data – All recovery data is securely deleted immediately after use in active systems. Encrypted backups may contain residual fragments of this data for up to 30 days, after which they are automatically purged. Backup data is access-restricted and never used for recovery or other processing.
  • Hashed and salted passwords – Unless required for operation, passwords are stored hashed and salted, or used only on secure local offline machines.
  • Access controls – Multi-factor authentication and least-privilege principles.
  • Monitoring and protection – Continuous monitoring, server logs, and DDoS protection.
  • Privacy by design – Privacy is built into our systems by default.

13. Changes to This Policy

We may update this Privacy Policy from time to time.

  • Minor updates will be posted here
  • Material changes will be communicated by email or banner prior to taking effect

14. Supervisory Authorities & Complaints

If you are based in the EU, you may lodge a complaint with your local Data Protection Authority.

In the Netherlands: Autoriteit Persoonsgegevens – Submit a complaint

Residents outside the EU may contact their local authority.