Knaken Cryptohandel B.V. – Version 2026.1
This Data Processing Agreement (hereinafter: "DPA") governs the processing of personal data by Knaken Cryptohandel B.V., established in Rotterdam at Schiedamse Vest 154, registered with the Chamber of Commerce under number 70149054 (hereinafter: "Processor"), for the party utilizing the services of Knaken (hereinafter: "Controller").
PREAMBLE (Background)
- Services: Processor provides services as a Crypto-Asset Service Provider (CASP), including the operation of a trading platform, the exchange of crypto-assets, and providing custody services.
- Legislative Framework: This DPA has been drafted to comply with Article 28 of the GDPR (AVG), but has also been reinforced to meet the requirements of the Markets in Crypto-Assets Regulation (MiCAR) and the Digital Operational Resilience Act (DORA).
- Transparency: The Parties acknowledge that in the crypto sector, ensuring data integrity and system security is directly linked to the prevention of market abuse and financial harm.
ARTICLE 1. DEFINITIONS
- 1.1 Personal Data: Any information relating to an identified or identifiable natural person (Data Subject). In the context of Knaken, this specifically includes: name, address, BSN (if legally required), copy of ID, IP addresses, Device IDs, and Public Wallet Addresses.
- 1.2 Processing: Any operation or set of operations (manual or automated) such as collection, organization, storage, adaptation, consultation, and destruction of data.
- 1.3 Crypto-assets: Digital representations of value or rights which may be transferred and stored electronically, using distributed ledger technology (DLT).
- 1.4 Data Breach: A breach of security leading to the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of personal data.
- 1.5 CASP: Crypto-Asset Service Provider, the legal status of Knaken under MiCAR.
- 1.6 Sub-processor: An external party engaged by Knaken to perform a specific part of the processing (e.g., a KYC provider or Cloud hoster).
ARTICLE 2. SUBJECT MATTER AND APPLICABILITY
- 2.1 Processor undertakes to process Personal Data solely for the purpose of executing the Main Agreement concluded between the Parties.
- 2.2 The nature of the processing involves facilitating crypto transactions, managing digital wallets, performing statutory checks (KYC/AML), and providing customer support.
- 2.3 This DPA shall prevail over the privacy provisions in the Main Agreement, unless explicitly agreed otherwise in writing.
ARTICLE 3. RIGHTS AND OBLIGATIONS OF THE CONTROLLER
- 3.1 The Controller determines the purpose of the processing and guarantees that the collection of data has occurred lawfully.
- 3.2 The Controller has the right to provide instructions to the Processor, provided these fall within the framework of the law.
- 3.3 The Controller shall immediately notify the Processor of changes regarding the categories of data or data subjects.
ARTICLE 4. OBLIGATIONS OF KNAKEN (PROCESSOR)
- 4.1 Instruction Compliance: Processor processes data only on the basis of written instructions, unless Processor is required to process data by Union or national law (such as MiCAR or Wwft). In such a case, Processor shall notify the Controller in advance, unless that law prohibits such notification.
- 4.2 Confidentiality: Processor guarantees that all persons (employees and hired staff) authorized to process the data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
- 4.3 Duty of Assistance: Taking into account the nature of the processing, Processor shall assist the Controller in fulfilling the obligation to respond to requests from Data Subjects (such as access or erasure).
ARTICLE 5. SECURITY MEASURES (RELIABILITY & DORA)
- 5.1 State of the Art: Processor shall implement appropriate technical and organizational measures. Under the DORA Regulation, Processor guarantees a "high level of digital operational resilience."
- 5.2 Specific Measures: These include, but are not limited to:
  - HSM Modules: Use of Hardware Security Modules for encrypting private keys.
  - Cold Storage: Physical separation of sensitive data and assets from the public internet where possible.
  - Multi-Factor Authentication (MFA): Mandatory MFA for all employees with access to management systems.
  - Logging & Monitoring: Continuous registration of all access attempts and actions within the database.
  - DDoS Protection: Measures to ensure data availability during network attacks.
ARTICLE 6. SUB-PROCESSORS
- 6.1 General Consent: The Controller hereby provides general consent for the engagement of sub-processors. Knaken maintains an up-to-date list of these partners.
- 6.2 Due Diligence: Knaken conducts in-depth research into the reliability of each sub-processor. They must meet standards comparable to those of Knaken itself.
- 6.3 Contractual Safeguards: Knaken imposes the same data protection obligations on sub-processors as set out in this DPA.
ARTICLE 7. DATA BREACHES AND INCIDENTS
- 7.1 Notification: Processor shall notify the Controller of any Data Breach without undue delay and at the latest within 24 hours after discovery.
- 7.2 Provision of Information: The notification shall include at least:
  - The nature of the breach and the categories of data subjects.
  - The likely consequences of the breach.
  - The measures proposed to mitigate negative effects.
- 7.3 Reporting: Processor shall document all breaches, including the facts, the effects, and the remedial actions taken.
ARTICLE 8. AUDIT AND TRANSPARENCY
- 8.1 Right to Audit: The Controller has the right to have an audit performed once a year by an independent, certified IT auditor (e.g., RE or CISA).
- 8.2 Cooperation: Processor shall make all necessary information available to demonstrate compliance with Article 28 GDPR and MiCAR requirements.
- 8.3 Costs: The costs of the audit shall be borne by the Controller, unless the audit demonstrates that the Processor has materially failed to comply with this DPA.
ARTICLE 10. DATA SUBJECT RIGHTS AND BLOCKCHAIN
- 10.1 Blockchain-Specific: The Parties acknowledge that certain data on the blockchain (such as transaction hashes and wallet addresses) is technically non-removable due to the nature of DLT.
- 10.2 Solution: In the event of a request for the 'right to be forgotten', the Processor shall delete the data in its off-chain systems and destroy the link between natural persons and on-chain addresses, in accordance with the guidelines of European privacy regulators.
ARTICLE 11. RETENTION PERIODS (MICAR & WWFT)
- 11.1 Statutory Precedence: Notwithstanding the general GDPR erasure obligation, Processor is required under the Wwft and MiCAR Article 75 to retain identification and transaction data for 5 years (with an extension up to 7 years) following the termination of the business relationship for regulatory purposes.
- 11.2 Archiving: Following the termination of active services, this data will be archived and accessed exclusively for legal obligations.
ARTICLE 12. DURATION AND TERMINATION
- 12.1 Term: This DPA remains valid for as long as the Main Agreement continues.
- 12.2 Transfer: Upon termination, Processor shall transfer all data to the Controller or destroy it, subject to the statutory retention periods in Article 11.
- 12.3 Exit Plan: Processor shall cooperate in a smooth transfer of data to any new service provider of the Controller.
ARTICLE 13. LIABILITY
- 13.1 Limitation: Processor's liability is limited to direct damage resulting from an attributable failure, with a maximum of €100,000 per event.
- 13.2 Exception: This limitation does not apply in cases of intent or willful recklessness, or if specific fines are imposed directly on Knaken by the Data Protection Authority due to the Processor's failure.
- 13.3 Indemnification: The Controller indemnifies the Processor against third-party claims arising from the unlawful collection of data by the Controller.
ARTICLE 14. FINAL PROVISIONS
- 14.1 Governing Law: This DPA is exclusively governed by Dutch law.
- 14.2 Choice of Forum: Disputes shall be submitted to the competent court in Rotterdam.
- 14.3 Severability: If any provision of this DPA is found to be void, the remaining provisions shall remain in full force and effect.
ANNEX A: SPECIFIC SECURITY MEASURES KNAKEN
- Physical Security: Servers in Tier-4 data centers within the EU with biometric access.
- Logical Security: Network segmentation (VLANs), Web Application Firewalls (WAF), and continuous vulnerability scanning.
- Integrity: Regular checks of database snapshots against blockchain data to exclude corruption.
- Personnel: Mandatory integrity training and screening for all 'high-risk' positions.