The Company collects Personal Data and uses this Personal Data only for the purposes of offering, providing and/or improving the Services, unless a reasonable assessment is made that this Personal Data shall also be processed for additional purposes. Users will be informed if the Personal Data is processed for additional purposes.
The Company processes Personal Data on its own behalf, or jointly with other parties, such as banks, payment providers, know-your-customer (“KYC”) providers, crypto custodians, customer relationship management (“CRM”) tools, and other similar services.
This document contains the following information:
- Personal Data that the Company collects and how it is used;
- Purpose for the collection of Personal Data;
- How IP address and cookies are used;
- Sharing of Personal Data with third parties;
- Transmission of personal information outside of the European Union;
- What rights User’s have;
- Security measures to protect User Personal Data;
- Retention of Personal Data.
Type of information collected
The Company collects User’s Personal Data necessary for the identification and for the performance of the contractual and regulatory obligations of the Company. This information may include any or all of the following:
- Name, date and birthplace, personal identification number (if applicable), citizenship, mailing address, telephone number, e-mail address;
- Identification documents (for example, passport or state issued ID);
- Photo or video as required by KYC provider procedure;
- Data regarding User’s professional activities or employment;
- Purpose for establishing the Account, real and expected volume of Transactions, financial information, source of funds/wealth;
- Data related to payments, including credit or debit card number, bank account and other payment information;
- Digital Assets wallet addresses;
- Usage Data such as: User’s Internet Protocol (IP) address, browser type, browser version, pages visited, links clicked on, the time and date of User’s visit, time spent on those pages, Services viewed or searched for, page response times, unique device identifiers and other diagnostic data, mobile network information, type of mobile device used, mobile device unique ID, operating system;
- Information stored on your device, including if you give us access to contact information from your contacts list. The Ka.app will regularly collect this information in order to stay up to date (but only if you have given us permission).
- Information about the Orders made and/or executed by the Users, including the quantity of the relevant Digital Assets and other information related to the Transactions;
- Information about the User's location;
- Data from QR or other barcodes scanned by the User's camera phone.
2. Purpose of the collection of Personal Data
Kasta collects and processes Personal Data for the following purposes:
- Verification of the User’s identity;
- To provide, maintain and improve the Services, including monitoring the usage of our Services; provide functionality, analyze performance, fix errors, and improve the usability and effectiveness of Services;
- To manage User's Account and provide access to different Service functionalities;
- For the performance of a contract including the execution of contracts related to cryptocurrency and/or Digital Assets transactions or compliance requirements related to those contracts;
- To contact Users by email, telephone, SMS, or other equivalent forms of electronic communication, regarding updates or information related to the functionalities, products or contracted Services, including the security updates;
- To provide Users with news, special offers and general information about other goods, services and events that the Company offers now or may offer in the future;
- To manage User’s customer service requests;
- For business transfers including evaluation or completion of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data is among the assets transferred;
- For data analysis including but not limited to identifying usage trends, determining the effectiveness of our promotional campaigns and evaluating and improving Kasta Services, products, marketing and the User’s experience;
- For compliance with Company’s legal obligations;
- For targeting, modeling, or advertising purposes.
3. Categories of Third Parties Receiving Personal Data
In accordance with the requirements of the GDPR, the Company has the right to disclose Personal Data that it processes to the following categories of recipients:
- To natural persons to whom the Personal Data relates;
- To third parties, individuals, legal entities, public bodies, institutions and agencies, in fulfillment of legal or contractual obligations or on another valid legal basis, such as detection, prevention or other acts of fraud, technical security or security issues;
- To banks, or similar payment or financial service providers;
- To persons who maintain equipment and software used for processing User’s Personal Data;
- To service providers to monitor and analyze the use of the Service and to other service providers;
- For business transfers including the negotiations, merger, sale of Company’s assets, financing, or acquisition of all or a portion of our business with another company;
- With other entities such as the Company’s parent companies, licensors and/or affiliates or any other subsidiaries, joint venture partners or other companies that the Company controls or that are under common control;
- With our business partners to offer User certain products, services or promotions;
- Users who choose to share personal information or otherwise interact in public may have this information viewed by other Users who may publicly distribute this information;
- With professional consultants such as auditors, lawyers, tax and financial advisors etc.;
- For any other purpose with Users consent.
4. Transfer of Personal Data to a third country or international organizations
5.Retention of the Personal Data
Personal Data for which there is no explicit legal obligation for storage will be deleted after achieving the purposes for which the Personal Data was collected and processed.
6. Security measures for Personal Data protection
The protection of information and Personal Data is a top priority of the Company, but no method of transmission over the Internet, or method of electronic storage is 100% secure, and the Company cannot guarantee its absolute security. The Company constantly implements and updates technical and organizational measures to ensure Personal Data protection. The Company regularly executes reviews of all procedures and rules for Personal Data collection, storage and processing.
7. What are User’s rights in connection with the processing of Personal Data by the Company
Users have the following rights with regard to their Personal Data:
- To receive information about their Personal Data which the Company collects. The Company will provide information and/or access to Personal Data collected or processed if a User requests such information to Company’s customer services;
- To request deletion of Personal Data in the following circumstances: when it is no longer needed for the purposes for which they were collected or processed; if explicit consent was required and withdrawn; if there no longer exists a legal or contractual basis for processing the Personal Data or through a judicial order or a change in the relevant regulations. It is not possible to request the immediate deletion of Personal Data in every circumstance, for example if there is a regulatory obligation to maintain the Personal Data;
- To request limitation of the processing of Personal Data where the processing may violate applicable regulations but the User only wishes to limit the processing of that Personal Data;
- To request the transfer of Personal Data. The right to portability applies to Personal Data where the processing is based on the Users explicit consent or contractual obligation and the processing is carried out in an automated manner;
- To object to the Company about the processing of Personal Data. As per the requirements of the GDPR, the Company will answer within one month, whether it considers the objection justified and within the regulatory requirements;
- To withdraw consent to the processing of Personal Data if the processing was based solely on the User’s consent;
- To send a complaint to the competent Personal Data protection authority in case the User believes their rights have been violated. A list of all national and regional Personal Data protection authorities in the EU is available on this website – https://edpb.europa.eu/about-edpb/about-edpb/members_en .
8. Automated decisions
The Company may make automated decisions about the User. This means that the Company may use technology that can evaluate the User’s personal circumstances and other factors to predict risks or outcomes. This is needed for the efficient running of the Service and to ensure decisions are fair, consistent and based on the right information. Where an automated decision is made about a User, the User has the right to ask that the decision be manually reviewed.
Cookies and other tracking technologies (“Cookies”) are used to monitor and observe the use of the Service.
The Company uses both Session and Persistent Cookies for the purposes set out below:
- Necessary / Essential Cookies
Type: Session Cookies
Administered by: Kasta
Purpose: These Cookies are essential to provide Users with the Services available through the Website and to enable the use of some of its features. They help to authenticate Users and prevent fraudulent use or help detect any problems with the Website. Without these Cookies, the Website will either not work at all or may not perform as expected and result in poor user experience.
- Marketing Cookies
Type: Persistent Cookies
Administered by: Kasta
Purpose: These Cookies are frequently used to track User preferences and/or browsing, send advertising, or track the User on the Website or across several websites for similar marketing purposes. Kasta may use Third-Party Services which may include GoogleAds, DoubleClick, AddThis WordPress plugins, Remarketing pixels, Social Media cookies.
- Cookies Policy / Notice Acceptance Cookies
Type: Persistent Cookies
Administered by: Kasta
- Functionality Cookies
Type: Persistent Cookies
Administered by: Kasta
Purpose: These Cookies allow the Company to remember the choices Users make when they access the Website, such as remembering login details, location and/or language preference. The main purpose of these Cookies is to provide the User with a more personal experience and/or enhanced content. Thus resulting in a better user experience whilst using the website.
Apart from Cookies, the Company may use similar tracking technologies to track the Services, store certain information, and improve and analyze the Services. These technologies may include:
- “Internet tags” can be placed both in online ads that lead Users to the Website and on various pages on the Website. This technology is used to measure the response of visitors to the webpage and the effectiveness of the advertising campaigns (including how many times a page has been opened and what information has been viewed), as well as to evaluate Users’ use of the Website.
- “Pixel tags” are small blocks of code on a webpage. They can include information such as the IP address, the time the pixel was viewed and the type of browser being used.
10. Children’s privacy
The Service does not address anyone under the age of 18. The Company does not knowingly collect personally identifiable information from anyone under the age of 18. If the Company becomes aware that Personal Data was collected from anyone under the age of 18 without verification of parental consent, the information will be removed.
The email address provided when joining the waitlist, subscribing to Kasta communication/social channels and/or during the opening of an Account, or otherwise, may be used to send information and updates related to the Services, Orders and/or Transactions, and less frequently for news about the Company and/or the products the Company offers. Users can unsubscribe from receiving emails not specifically related to the Services, their Orders and/or Transactions by clicking the appropriate button at the end of each email.
Unsubscribing from marketing emails will have no effect on functionality emails such as a password reset or Transaction confirmation.
13. Submitting a request
14. Contact us