The Company collects Personal Data and uses this Personal Data only for the purposes of offering, providing and/or improving the Services, unless a reasonable assessment is made that this Personal Data shall also be processed for additional purposes. Users will be informed if the Personal Data is processed for additional purposes.
The Company processes Personal Data on its own behalf, or jointly with other parties, such as banks, payment providers, know-your-customer (“KYC”) providers, crypto custodians, customer relationship management (“CRM”) tools, and other similar services.
This document contains the following information:
- Personal Data that the Company collects and how it is used;
- Purpose for the collection of Personal Data
- How IP address and cookies are used;
- Sharing of Personal Data with third parties;
- Transmission of personal information outside of the European Union;
- What rights User’s have;
- Security measures to protect User Personal Data;
- Retention of Personal Data
1. Type of information collected
The Company collects User’s Personal Data necessary for the identification and for the performance of the contractual and regulatory obligations of the Company. This information may include any or all of the following:
- Name, date and birthplace, personal identification number (if applicable), citizenship, mailing address, telephone number, e-mail address;
- Identification documents (for example, passport or state issued ID);
- Photo or video as required by KYC provider procedure;
- Data regarding User’s professional activities, or employment status;
- Purpose for establishing the Account, real and expected volume of transactions, financial information, source of funds/wealth;
- Data related to payments, including credit or debit card number, bank account and other payment information;
- Digital Assets wallet addresses;
- Usage Data such as: User’s Internet Protocol (IP) address, browser type, browser version, pages visited, links clicked on, the time and date of User’s visit, time spent on those pages, Services viewed or searched for, page response times, unique device identifiers and other diagnostic data, mobile network information, type of mobile device used, mobile device unique ID, operating system;
- Information about the Orders made and/or executed by the Users, including the quantity of the relevant Digital Assets and other information related to the Transactions;
- Information about the User's location;
- Data from QR or other barcodes scanned by the User's camera phone.
2. Purpose of the collection of Personal Data
Kasta collects and processes Personal Data for the following purposes:
- Verification of the User’s identity;
- To provide, maintain and improve the Services, including monitoring the usage of our Services; provide functionality, analyze performance, fix errors, and improve the usability and effectiveness of Services;
- To manage User's Account and provide access to different Service functionalities;
- For the performance of a contract including the execution of product purchase contracts or compliance requirements related to those contracts;
- To contact Users by email, telephone, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or information related to the functionalities, products or contracted services, including the security updates;
- To provide Users with news, special offers and general information about other goods, services and events which the Company offers now or may offer in the future.
- To manage User's customer service requests;
- For business transfers including evaluation or completion of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data is among the assets transferred;
- For data analysis including but not limited to identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Services, products, marketing and the User’s experience;
- For compliance with Company’s legal obligations;
- For targeting, modeling, or advertising purposes.
3. Categories of third parties receiving Personal Data
In accordance with the requirements of the GDPR, the Company has the right to disclose Personal Data that it processes to the following categories of recipients:
- To natural persons to whom the Personal Data relates;
- To Third parties, individuals, legal entities, public bodies, institutions and agencies, in fulfillment of legal or contractual obligations or on another valid legal basis, such as detection, prevention or other acts of fraud, technical security or security issues;
- To banks, or similar payment or financial service providers;
- To persons who maintain equipment and software used for processing User’s Personal Data;
- To service providers to monitor and analyze the use of the Service and to other service providers;
- For business transfers including the negotiations, merger, sale of Company’s assets, financing, or acquisition of all or a portion of our business with another company;
- With other entities Groupsuch as the Company’s parent companies, licensors and/or affiliates or any other subsidiaries, joint venture partners or other companies that the Company controls or that are under common control;
- With our business partners to offer User certain products, services or promotions;
- Users who choose to share personal information or otherwise interact in public may have this information viewed by other Users who may publicly distribute this information;
- With professional consultants such as auditors, lawyers, tax and financial advisors etc.;
- For any other purpose with Users consent.
4. Transfer of Personal Data to a third country or international organizations
5. Retention of the Personal Data
Personal Data for which there is no explicit legal obligation for storage will be deleted after achieving the purposes for which the Personal Data was collected and processed.
6. Security measures for Personal Data protection
The protection of information and Personal Data is a top priority of the Company, but no method of transmission over the Internet, or method of electronic storage is 100% secure, and the Company cannot guarantee its absolute security. The Company constantly implements and updates technical and organizational measures to ensure Personal Data protection. The Company regularly executes reviews of all procedures and rules for Personal Data collection, storage and processing.
7. What are User’s rights in connection with the processing of Personal Data by the Company
Users have the following rights with regard to their Personal Data:
- To receive information about their Personal Data which the Company collects. The Company will provide information and/or access to Personal Data collected or processed if a User requests such information to Company’s support services;
- To request deletion of Personal Data in the following circumstances: when it is no longer needed for the purposes for which they were collected or processed; if explicit consent was required and withdrawn; if there no longer exists a legal or contractual basis for processing the Personal Data or through a judicial order or a change in the relevant regulations. It is not possible to request the immediate deletion of Personal Data in every circumstance, for example if there is a regulatory obligation to maintain the Personal Data;
- To request limitation of the processing of Personal Data where the processing may violate applicable regulations but the User only wishes to limit the processing of that Personal Data;
- To request the transfer of Personal Data. The right to portability applies to Personal Data where the processing is based on the Users explicit consent or contractual obligation and the processing is carried out in an automated manner;
- To object to the Company about the processing of Personal Data. As per the requirements of the GDPR, the Company will answer within one month, whether it considers the objection justified and within the regulatory requirements;
- To withdraw consent to the processing of Personal Data if the processing was based solely on the User’s consent;
- To send a complaint to the competent Personal Data protection authority in case the User believes their rights have been violated. A list of all national and regional Personal Data protection authorities in the EU is available on this website: website-https://edpb.europa.eu/about-edpb/about-edpb/members_en
8. Automated decisions
The Company may make automated decisions about the User. This means that the Company may use technology that can evaluate the User’s personal circumstances and other factors to predict risks or outcomes. This is needed for the efficient running of the Service and to ensure decisions are fair, consistent and based on the right information. Where an automated decision is made about a User, the User has the right to ask that the decision be manually reviewed.
Cookies and pixel tags to monitor and observe the use of the Service. “Cookies" are small text files created and stored on a hard drive by internet browser software, which hold relevant information about the web page. Most internet browsers allow Users to disable cookies, however this may reduce website function. “Pixel tags” are small blocks of code on a webpage. They can include information such as the IP address, the time the pixel was viewed and the type of browser being used. Cookies will be applicable within Kasta App only when an integrated web browser is needed to view certain content or display an ad within the Kasta App. In this case the Cookies policy of the respective connected website is applicable.
10. Children’s privacy
The Service does not address anyone under the age of 18. The Company does not knowingly collect personally identifiable information from anyone under the age of 18. If the Company becomes aware that Personal Data was collected from anyone under the age of 18 without verification of parental consent, the information will be removed.
The email address provided when subscribing to Kasta’s communication/social channels and/or during the opening of an Account, or otherwise, may be used to send information and updates related to the Services, Orders and/or Transactions, and less frequently for news about the Company and/or the products the Company offers. Users can unsubscribe from receiving emails not specifically related to the Services, their Orders and/or Transactions by clicking the appropriate button at the end of each email.
Unsubscribing from marketing emails will have no effect on functionality emails such as a password reset or Transaction confirmation.
13. Submitting a request
14. Contact us