Last Updated: 15 September, 2023
- Purpose of this policy
- Who we are
We are Transak (‘we’, ‘us’, ‘our’), a developer integration toolkit to let users buy and/or sell Cryptocurrency in any app, website or web plugin. As a global onramp/off ramp service provider, we receive and process the personal data of individuals. We have instituted a comprehensive global data protection compliance framework in order to fulfil our responsibilities to protect personal data and to respect privacy rights in compliance with data protection and privacy laws and regulations around the world, including but not limited to the European Union’s General Data Protection Regulation (GDPR), UK Data Protection Act, California Consumer Privacy Act (CCPA).
This Policy explains how and why Transak and its affiliates collect and use personal data when we provide our services as a fiat to crypto on/off ramp services (Service). Transak group is structured in different jurisdictions, in case of any specific question please contact us. This notice is addressed to the individual whose personal data is being processed by us and the individual acting as a Transak business partner.
Transak keeps this notice under regular review to make sure it is up to date and accurate. The most recent version will govern our use of your information and will always be available on the Transak Website/App. By continuing to access or use this site after any changes become effective, you agree to accept the revised privacy notice. Please visit this privacy notice on a regular basis to ensure that you have read the latest version.
- How Do We Protect Your Personal Information
3.1 We are serious about guarding the security of your personal information and use a secure server to store your personal information. All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using Transport Layer Security technology.
3.2 As you will know, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data during transmission, and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
3.3 We restrict access of your personal information to those employees of Transak who have a business reason for knowing such information. We continuously educate and train our employees about the importance of confidentiality and privacy of customer information. We maintain physical, electronic and procedural safeguards that comply with the relevant laws and regulations to protect your personal information from unauthorised access.
- Information We May Collect From You
We may collect and use the following data about you:
4.1 Information you give us.
(a) You may give us information about you when you sign up to use our service, e.g. when you provide us with your personal details, such as your name and email address. This also includes information you provide through your continued use of our Services, participate in discussion boards or other social media functions on our Website or App, enter a competition, promotion or survey, and when you report a problem with our Services. The information you give us may include your name, address, e-mail address, phone number, financial information (including credit card, debit card, or bank account information), payment reason, geographical location, social security number, personal description and photograph and in some cases (where permitted by law), special categories of personal data, such as user’s biometric information.
(b) We may also need additional commercial and/or identification information from your e.g. if you send or receive certain high-value or high volume transactions or as needed to comply with our anti-money laundering obligations under applicable law. We may also receive risk, fraud and credit related data – for example credit history, sanctions and criminal offences, and information received from various anti-fraud databases and employment history – for example information on previous or current employer, job role, salary, employment benefit options, educational background or professional licenses and qualifications.
4.2 Information we collect about you. With regard to your use of our Services we may automatically collect the following information:
(a) details of the transactions you carry out when using our Services, including geographic location from which the transaction originates;
(b) technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our Website or App (including date and time); you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page, Survey responses, information provided to our support team or user research team and any e-mail ID used to contact our support.
4.3 Information we receive from other sources. We may receive information about you if you use any of the other websites we operate or the other services we provide. We are also working closely with third parties and may receive information about you from them.
- the banks you use to transfer money to us will provide us with your basic personal information, such as your name and address, as well as your financial information such as your bank account details;
- Online Identifiers: Geo location/tracking details, browser fingerprint, operating system, browser name and version, and/or personal IP addresses.
- business partners may provide us with your name and address, as well as financial information, such as card payment information;
- advertising networks, analytics providers and search information providers may provide us with pseudonymised information about you, such as confirming how you found our website;
- credit reference agencies do not provide us with any personal information about yourself, but may be used to corroborate the information you have provided to us.
We send cookies to your computer in order to uniquely identify your browser and improve the quality of our service. The term "cookies" refers to small pieces of information that a website sends to your computer's hard drive while you are viewing the site. We may use both session cookies (which expire once you close your browser) and persistent cookies (which stay on your computer until you delete them). Persistent cookies can be removed by following your browser help file directions. If you choose to disable cookies, some areas of Website may not work properly or at all. We may collect anonymous information about your visits to Transak using cookies, and interaction with Transak. We may also use information about your visits to the Website to target advertisements for our Services. No Personal Information is collected or used in this process. Users can opt-out of sharing this information with third parties by deactivating cookies, the process of which varies from browser to browser. Please refer to the help file of your browser to understand the process of deactivating cookies on your browser.
- Uses Made Of The Information
We use your personal data primarily only to the extent that it is necessary for the purposes of conducting our business, and only for the purpose for which it was originally collected and any other permissible, related purpose. We may use your personal data for a number of reasons:
(a) to carry out our obligations relating to your contract with us and to provide you with the information and ervices;
(b) to comply with any applicable legal and/or regulatory requirements;
(c) to notify you about changes to our Services;
(d) as part of our efforts to keep our Services safe and secure;
(e). to administer our Services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
(f) to improve our Services and to ensure that they are presented in the most effective manner;
(g) to measure or understand the effectiveness of advertising we serve and to deliver relevant advertising to you;
(h) to allow you to participate in interactive features of our Services, when you choose to do so;
goods and/or services we offer;
(j) to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you as and when required; or
(k) to combine information we receive from other sources with the information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
(l) Fulfilling legal or regulatory obligations and protecting ourselves and our clients against fraud, money laundering, terrorism and other crimes.
Transak adheres to the principle of purpose limitation and only processes data for purposes related to those specified when personal data were collected. Processing for secondary purposes only takes place where we have a legal basis and/or to provide services to youTo assess our adherence to this principle, Transak considers the relationship between the purposes for which the data have been collected and the purposes of further processing, the context in which the data have been collected, the reasonable expectations of the data subjects, the nature of the data and the impact of the further processing on the data subjects.
- Where do we get personal data from?
In most cases, we receive personal data when you register on our Website/App, we may receive personal data directly from you. We may receive your data also from other parties such as service providers or anti-fraud databases, sanctions lists, court judgements, blockchain database and other authorised official public databases as for example commercial registers, regulator's databases, KYC service providers etc.
- Disclosure Of Your Information
8.1 We may share your information with selected third parties including:
(a) affiliates, business partners, suppliers, IT service providers, KYC service providers and sub-contractors for the performance and execution of any contract we enter into with them or you;
(b) advertisers and advertising networks solely to select and serve relevant adverts to you and others; and
(c) analytics and search engine providers that assist us in the improvement and optimisation of our site
8.2 We may disclose your personal information to third parties:
(d) in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
(e) if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms of Service and other applicable agreements; or to protect the rights, property, or safety of Transak, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
(f) to assist us in conducting or co-operating in investigations of fraud or other illegal activity where we believe it is reasonable and appropriate to do so;
(g) to prevent and detect fraud or crime;
(h) in response to a subpoena, warrant, court order, or as otherwise required by law;
(i) to assess financial and insurance risks;
(j) to recover debt or in relation to your insolvency; and
(k) to develop customer relationships, services and systems.
We take particular care when working with third parties. We only share personal data with affiliates, business partners, third party service providers or vendors when we have a legitimate business purpose for doing so and/or when permissible by law. We require third parties to maintain similar standards to ours for the protection of personal data, as verified by our due diligence process.
- Where We Store Your Personal Data
- Sharing Your Data Outside Of The EEA
In order to provide our global Services to you, it is sometimes necessary for us to transfer your data to the third parties outlined in section 5.1 that are based throughout the world and possibly outside of the European Economic Area. In these cases, we ensure that both ourselves and our partners take adequate and appropriate technical, physical and organisational security measures to protect your data. We also ensure we have appropriate contractual protections in place with these third parties. To regulate intra group personal data transfers, Transak has executed service level agreements. For more information on the appropriate safeguards in place, please contact us. We do not sell personal data.
- Profiling And Automated Decision Making
11.1 We may use some instances of your data in order to customise our Services and the information we provide to you, and to address your needs - such as your country of address and transaction history. For example, if you frequently send funds from one currency to another, we may use this information to inform you of new product updates or features that may be useful for you. When we do this, we take all necessary measures to ensure that your privacy and security are protected - and we only use pseudonymised data wherever possible. This activity has no legal effect on you.
11.2 As part of being a highly technical and innovative company, we may use Automated Decision Making (ADM) in order to improve your experience, or to help fight financial crime. For example, so that we can provide you with a fast and efficient service, we may use ADM to verify your identity documents, or to confirm the accuracy of the information you have provided to us. None of our ADM processes have a legal effect on you.
- Data Retention
12.1 As a regulated financial institution, Transak is required by law to store some of your personal and transactional data beyond the closure of your account with us. Your data is only accessed internally on a need to know basis, and it will only be accessed or processed if absolutely necessary.
12.2 We keep your personal information in compliance with applicable legal retention periods, in accordance with the purpose and the legal ground it was collected, and to comply with our legal and regulatory requirements. This may include keeping your information for a reasonable period of time after your relationship with us has ended. We securely destroy personal data when they are no longer needed for the relevant purposes and its retention period has expired. In some circumstances we retain aggregated or anonymised data which can no longer be associated with you and is therefore not considered personal data. If you need more information about the retention or deletion of your personal data, please see also the section on your privacy rights below and contact us using the details provided in this document.
- Your Rights
13.1 You may have the right to find out what personal information we hold about you (this includes what category of personal data and/or specific personal data).
13.2 You have the right to withdraw your consent at any time by closing Your Account with Us or reach out to us at [email protected], or by adjusting your notification preferences in the “Settings” section of your account page.
13.3 You have the right to correct any personal information We hold about you that is inaccurate, incorrect, or out of date.
13.4 You have the right to ask us to delete your data when it is no longer necessary, or no longer subject to a legal obligation to which Transak is subject to.
13.5 You have the right to transfer your personal data between data controllers, for example, to move your account details from one service provider to another.
13.6 You have the right to object to any processing done under legitimate interests. We will then re-assess the balance between our interests and yours, considering your particular circumstances. If we have a compelling reason, we may still continue to use your information.
13.7 You have a specific right to object to our use of your information for direct marketing purposes, which we will always act upon.
13.8 If you are uncertain about the accuracy or our use of your information, you can ask us to stop using your information until your query is resolved. We will inform you of the outcome before we take any further action in relation to this information.
13.9 Our Services may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility for them. Please check these policies before you submit any personal data to these websites.
13.10 Please note that, before we can process your request, we may need to verify your identity by asking you to provide a copy of an official identification document and/or a copy of an evidence of your residency address or similar.
- Our policies and standards
We handle personal data with the greatest care and use it only for legitimate and specified business purposes. Furthermore, our internal process including policies, standards, information security measures, appointed Data Protection Officer, training and awareness programmes and business-relevant procedures – sets forth the following key principles:
We respect the privacy rights of Transak's employees, end users, business partners and other individuals whose personal data we have and use.
We protect personal data by implementing appropriate technical and organisational measures in our data processing operations.
We obtain personal data fairly and only use it for legitimate business purposes.
We hold ourselves accountable for demonstrating compliance with applicable legal and regulatory requirements and understanding of our roles and responsibilities.
Data Protection Policy, are applicable to all of Transak's entities worldwide and are derived from internationally recognized privacy principles.
Finally, we recognise that today's digital reality is one where data circulates globally, and risks may present themselves in unprecedented ways. Consequently, we take care to understand relevant laws and regulations and assess the risks that arise as personal data is processed in our global operations.
However, we cannot guarantee that loss, misuse, unauthorized acquisition, or alteration of your data will not occur. Please recognize that you play a vital role in protecting your own personal information. If you have reason to believe that your data is no longer secure, please contact us using the contact information provided in the “How to contact us” section below.
- Our measures to implement policies and standards:
Data protection policies and standards form part of Transak’s governance and are brought to the attention of all staff, contractors, partners and vendors, for whom they are binding. robust controls we ensure that all staff understand, have access to and can easily interpret data protection laws and requirements and they have adequate training and support to ensure and demonstrate their knowledge and adequacy for the role.
We coordinate with our internal operational risk management, audit, and information security colleagues so that we can optimise the implementation of the data protection , identify and address gaps, further mitigate risks and monitor compliance.
- Children’s Personal Information
We do not knowingly request to collect personal information from any person under the age of 18. If a ser submitting personal information is suspected of being younger than 18 years of age, Trasnak will require the user to close his or her account and will not allow the UOur Services. We will also take steps to delete the information as soon as possible. Please notify s if you know of any individuals under the age of 18 using We can take action to prevent access to ur Services.
18.2 If you feel that we have not addressed your questions or concerns adequately, you may make a complaint to a data protection regulator or supervisory authority. We encourage you to contact us first so we can address your concerns.