Privacy Policy and Data Protection Framework – Wíssel Kapita
Version 3.2 – Last updated: April 9, 2026
Article 1: Identification of the Data Controller
This Privacy Policy defines the strict data processing protocols employed by Wíssel Kapita ("the Platform", "we", "us" or "our'), located at WTC Amsterdam, Strawinskylaan 4117, 1077 ZX Amsterdam, Netherlands. We act as data controller within the meaning of the General Data Protection Regulation (GDPR). Given the advanced nature of our financial data structures, we have appointed a Data Protection Officer (DPO), reachable via [email protected].
Article 2: Categories of Personal Data Processed
To ensure an institutional degree of security and precision, we collect the following categories of data:
Identity Data
Full legal name, date of birth, nationality, and official identification documents required for legal Know Your Customer (KYC) verifications.
Contact Information
Verified email address, active mobile phone number, and officially registered residential address.
Financial Telemetry
Information on source of wealth, wallet addresses, transaction history, and detailed user risk profiles.
Digital Footprint & Interaction
IP addresses, device specifications, geographical routing data, and granular logs of your interactions with our analytical interfaces.
Article 3: Legal Basis and Purposes of Processing
In accordance with Article 6 of the GDPR, we process your personal data on the basis of:
Contractual necessity
For creating and managing your account and providing our core analytical services.
Legal obligations
Compliance with the Dutch Anti-Money Laundering and Anti-Terrorist Financing Act (Wwft) and other financial supervision legislation.
Legitimate interest
For proactive fraud prevention, network security, and the optimization of our algorithms via anonymized datasets.
Explicit consent
For sending personalized market reports and the use of non-essential analytical cookies.
Article 4: Advanced Security and Encryption
Wíssel Kapita employs enterprise-grade security standards:
- AES-256 Encryption: All data at rest is stored with military-grade encryption.
- TLS 1.3 Protocols: All data transfer between the user and our servers is end-to-end encrypted.
- Sovereign Hosting: Data is exclusively stored on redundant, heavily secured servers within the European Economic Area (EEA) with strict physical and logical access controls.
Article 5: Retention Periods and Archiving
We retain your data no longer than strictly necessary for the stated purposes:
- Active Data: For the duration of the contractual relationship.
- Legal Archives: Personal data and financial identification records are retained for a period of seven (7) years after termination of the relationship, in accordance with Dutch tax retention obligations.
Article 6: Your Rights under the GDPR
The European GDPR grants you inalienable rights: the right to access, rectification, erasure ("right to be forgotten'), restriction of processing, data portability, and the right to object. You can exercise these rights via [email protected]. You also have the right to lodge an official complaint with the Dutch Data Protection Authority (AP).