Privacy Policy
Crypto Recovers / Cryptorecovers / Cryptorecovers.com
(Legal tax name: Bink Online)
Controller:
Crypto Recovers (Bink Online)
Louis Braillelaan 80 (Unit 1125), 2719 EK Zoetermeer, The Netherlands
Email: support@cryptorecovers.com | Phone: +31 (0)85 109 1211
Last updated: 4 September 2025
We are committed to protecting your privacy and ensuring your personal data is handled lawfully, transparently, and securely. This Privacy Policy explains how we collect, process, and protect personal data in accordance with:
- The EU General Data Protection Regulation (GDPR)
- The Dutch Data Protection Act (UAVG)
1. Categories of Personal Data We Process
Depending on how you use our services, we may process:
- Identification and contact data: name, address, phone number, email
- Communication data: emails, WhatsApp messages, contact forms, phone calls
- Account and access data: usernames, encrypted/hashed passwords, login credentials
- Wallet recovery data: information you provide to enable recovery services (such as recovery details or files). This data is processed solely to complete the requested recovery, is never retained longer than necessary, and is securely deleted after use in accordance with industry best practices
- Technical and usage data: IP address, browser type, device info, operating system, logs, website activity, cookies/analytics
- Financial data: invoicing details, payment confirmations, tax records
- Verification data: identity documents provided via Stripe Identity, BoldSign, or similar providers
We do not intentionally process sensitive categories of personal data unless required for verification or compliance.
2. Data Subjects
- Website visitors and online service users
- Prospective customers
- Clients and contractual partners
- Communication partners (e.g., email or WhatsApp contacts)
3. Purposes and Legal Bases of Processing
Purpose | Data Processed | Legal Basis |
---|---|---|
Service delivery & recovery | Identification, contact, wallet recovery, access data | Art. 6(1)(b) GDPR (contract) |
Payments & invoicing | Financial data, contact data | Art. 6(1)(b) GDPR (contract), Art. 6(1)(c) GDPR (legal obligation) |
Security & fraud prevention (logs, DDoS protection) | IP, device info, logs | Art. 6(1)(f) GDPR (legitimate interests) |
Identity verification (where required) | ID documents, verification data | Art. 6(1)(c) GDPR (legal obligation), Art. 6(1)(b) GDPR (contract) |
Marketing (newsletter, e-books) | Email address, preferences | Art. 6(1)(a) GDPR (consent) |
Analytics & service improvement | Technical data, cookies | Art. 6(1)(a) GDPR (consent in EU/EEA), Art. 6(1)(f) GDPR (legitimate interests outside consent jurisdictions) |
4. Data Retention
- Wallet recovery data & temporary credentials: deleted immediately after recovery completion. Encrypted backups may contain residual fragments of this data for up to 30 days, after which they are automatically purged. Backup data is encrypted, access-restricted, and never used for any processing.
- Account data: deleted within 12 months after termination
- Communication records: retained up to 12 months after service completion, unless longer retention is required for fraud prevention, dispute resolution, or tax law
- Invoices & payment data: 7 years (tax law)
- Analytics data: 26 months (Google Analytics default)
- Server logs: up to 90 days, unless required longer for security or legal reasons
If deletion is not possible due to legal obligations or claims, data will be restricted (storage-only).
5. Data Sharing and Recipients
We never sell personal data. Data is disclosed only when:
- Necessary to provide our services
- Required by law
- Processed by providers under binding Data Processing Agreements
Sub-processors / service providers include:
- Hosting & infrastructure: Kinsta, Cloudflare (CDN)
- Analytics: Google Analytics (IP anonymization enabled, consent-based in EU)
- Email & collaboration: Versio, Hetzner (EU data center settings where available)
- Payments: Stripe (EU/US), PayPal (if used)
- ID verification & e-signatures: BoldSign, Stripe Identity
A current list of sub-processors is available on request via support@cryptorecovers.com.
6. International Data Transfers
Where providers are located outside the European Economic Area (EEA), we ensure lawful safeguards:
- Adequacy decisions by the European Commission (e.g., EU-US Data Privacy Framework)
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Supplementary measures (e.g., encryption, access restrictions, transfer risk assessments)
7. Cookies & Tracking Technologies
- Essential cookies: required for website functionality
- Analytics cookies: Google Analytics with IP anonymization, only activated after consent in EU/EEA
- Retention: up to 26 months
We do not place non-essential cookies or allow third-party tracking (e.g., YouTube, Maps, LinkedIn) until you provide consent through our cookie banner, in jurisdictions where consent is required.
Opt-out options: Your Online Choices | About Ads Choices
8. Social Media & Third-Party Content
If you contact us via WhatsApp, LinkedIn, or other platforms, your data is also processed under their terms.
Embedded content (e.g., YouTube, Google Maps) requires your IP to be shared with the provider. Third-party providers may set cookies or tracking elements only after you give consent (where required by law).
9. Automated Decision-Making
We do not use automated decision-making or profiling that produces legal or significant effects.
10. Your Rights
Under GDPR, you may:
- Access, correct, or delete your data
- Restrict or object to processing
- Request data portability
- Withdraw consent at any time
- Lodge a complaint with your supervisory authority
Requests: support@cryptorecovers.com
Identity verification may be required. Authorized agents may act on your behalf with signed permission.
11. Children’s Privacy
Our services are not directed to children under 18 (or higher local thresholds). We do not knowingly collect data from children. If you believe a child has provided us with data, contact us for deletion.
12. Security Measures
We use technical and organizational safeguards, including:
- Encryption – TLS in transit and encryption at rest (where supported).
- Secure deletion of recovery data – All recovery data is securely deleted immediately after use in active systems. Encrypted backups may contain residual fragments of this data for up to 30 days, after which they are automatically purged. Backup data is access-restricted and never used for recovery or other processing.
- Hashed and salted passwords – Unless required for operation, passwords are stored hashed and salted, or used only on secure local offline machines.
- Access controls – Multi-factor authentication and least-privilege principles.
- Monitoring and protection – Continuous monitoring, server logs, and DDoS protection.
- Privacy by design – Privacy is built into our systems by default.
13. Changes to This Policy
We may update this Privacy Policy from time to time.
- Minor updates will be posted here
- Material changes will be communicated by email or banner prior to taking effect
14. Supervisory Authorities & Complaints
If you are based in the EU, you may lodge a complaint with your local Data Protection Authority.
In the Netherlands: Autoriteit Persoonsgegevens – Submit a complaint
Residents outside the EU may contact their local authority.