Privacy policy

This privacy policy (“Policy”) describes how Onramper, a.k.a. Onramper Technologies B.V. (“Onramper” “Company”, “we”, “our”, “us”) collects, uses, shares, and stores personal information of users of this website, www.onramper.com (the “Site”) and users of the Onramper widget and API (together, the “Software”), which can be used to interact with various third parties that offer fiat-to-cryptocurrency conversion services (“Fiat Gateways”). Use of the Onramper widget, API, or any of the software components built by Onramper shall be further referred to as usage of the Software. By using the Software, you (the “End User” / “You”) accept the terms of this Privacy Policy and our Terms of Use, and consent to our processing, use, disclosure, and retention of your information as described in this Policy.

What Personal Information do we collect?

What Personal Information do we collect?

What Personal Information do we collect?

What Personal Information do we collect?

We do not currently collect any personally identifiable information from you directly. However, we still collect data that, while it doesn’t qualify as personally identifiable information, is treated with the highest standard of care. The (categories of) data we may, now, or in the future, process are:

  • Transactional Data: information about your transaction history with Fiat Gateways, incl. the type of virtual financial assets involved, the order volume, price, value, and information on which bank is used for a transaction identified through the processing of a part of your credit card number. This does not include any Personally Identifiable Information.

  • Information we collect automatically about how you use our Site and/or Software, (“Product Usage Data”), including information on the device(s) you may use (“Device Information”) and information on when, where and how you use our Site and/or Software, including your IP address and info such as your browser type (“Log Data”). For a more specific overview of what information is collected automatically, see the section named ‘Cookie Policy’ below.

The processing of any other data inserted by End-users when making use of services provided by Fiat Gateways is governed by the privacy policies of the individual Fiat Gateway(s) used by the End User. With regards to this data, Onramper does not act as a data controller.

While Onramper does not collect any personal information from you, the Fiat Gateways do, as covered by their privacy policies. Those Fiat Gateways may share data with Onramper. This can include your phone number, country, your email address and your name, but does not include credit card numbers or any other PAN or CVC data. To learn more about the data processing that occurs when making use of the services offered by Fiat Gateways, see Moonpay’s privacy policy, BTCDirect’s privacy policy, Coinify’s privacy policy, Indacoin’s privacy policy orWyre’s privacy policy, Mercuryo’s privacy policy, Utorg’s privacy policyor Xanpool’s privacy policy.

What do we use your data for?

What do we use your data for?

What do we use your data for?

What do we use your data for?

We may process Usage Data, Transactional Data, Device Data, and Log Data for us to:

  • perform user analytics to keep track of usage and better understand our users; carry out research and development to improve our Site and/or Software,

  • identify IT or network issues,

  • identify mal-intended usage of our Site and/or Software,

  • manage our Site and/or Software, system administration, and security,

  • provide actionable data insights to Business Users,

  • improve the way Fiat Gateways are selected and shown to the users,

  • prevent fraud, money laundering or unauthorized use of our Software, and

  • to customize the content and layout of the Websites.

What is the legal basis for the processing of your data?

What is the legal basis for the processing of your data?

What is the legal basis for the processing of your data?

What is the legal basis for the processing of your data?

The processing of your Product Usage Data, Transactional Data, Device Information, and Log Data occurs for the purposes described above, based on our legitimate interests. These interests include improving, maintaining, providing and enhancing our Site and Software, our marketing interests, our need to contact Business Users with regards to use of our API/widget, our interests concerning ensuring the security of the Software and our Site, as well as our legitimate interest in being able to provide data insights to Business Users. We limit our collection of processing of data to what is necessary for these purposes, and this processing of personal information for our legitimate interests is not disproportionate to your data-protection interests, fundamental rights, and/or freedoms.

The processing of personally identifiable information, and any other information filled in by the End-User, as well as some transactional data, is covered by the privacy policies of the various Fiat Gateways. Onramper might process information as a data processor on behalf of the Fiat Gateway (the data controller). To learn more about the data processing that occurs when making use of the services offered by Fiat Gateways, see Moonpay’s privacy policy, BTCDirect’s privacy policy, Coinify’s privacy policy, Indacoin’s privacy policy orWyre’s privacy policy, Mercuryo’s privacy policy, Utorg’s privacy policyor Xanpool’s privacy policy.

Do we share or transfer personal information with or to third parties?

Do we share or transfer personal information with or to third parties?

Do we share or transfer personal information with or to third parties?

Do we share or transfer personal information with or to third parties?

In alignment with the purposes of processing, we share or transfer data with the following third-parties:

  • Google Analytics Data (Product Usage Data) gathered because of your usage of our Site might be stored on Google Analytics’ servers.

  • We may provide Business Users with access to Transactional Data to provide them with actionable data insights.

  • All other data is stored using Amazon Web Services, Snowflake and Thoughtspot.

Again, note that all data processing regarding personal information inputted by End-Users to make use of services provided by Fiat Gateways is governed by the privacy policies of those individual Fiat Gateway(s) used by the End User. As such, even though Onramper may act as a data processor for those Fiat Gateways, all information regarding that processing of data is determined and provided by those Fiat Gateways in their privacy policies.

How is your personal information retained and secured?

How is your personal information retained and secured?

How is your personal information retained and secured?

How is your personal information retained and secured?

Onramper does not itself store any cardholder information and does not qualify as a processor, merchant, or service provider as described under Payment Card Industry Data Security Standards (PCI DSS). While Onramper does not come under the scope of PCI-DSS, our existing security program already addresses many of its concerns. As we evolve our security program and processes, we will continue to assess the benefits of obtaining compliance.

We employ industry-standard security measures designed to protect the security of all information submitted through the Software. Information gathered to use Google Analytics as described in this privacy policy, is stored by Google Analytics, which has earned the independent security standard ISO 27001 certification.

Any information processed on, or through, Amazon Web Services are similarly secure by way of compliance with applicable industry-standard certifications and best practices. AWS has achieved numerous internationally-recognized certifications and accreditations, demonstrating compliance with rigorous international standards, such as ISO 27017 for cloud security, ISO 27701 for privacy information management, and ISO 27018 for cloud privacy, as well as SOC 2 and SOC 3 compliance.

Snowflake’s government deployments have achieved Federal Risk & Authorization Management Program (FedRAMP) Authorization to Operate (ATO) at the Moderate level. In addition, support for ITAR compliance, SOC 2 Type 2, PCI DSS compliance, and support for HITRUST compliance all validate the level of Snowflake security required by industries, and state and federal government.

ThoughtSpot has successfully completed the Service Organization Control (SOC) 2 Type II audit. The SOC 2 report verifies the suitability of the design and operating effectiveness of ThoughtSpot’s information security practices, policies, procedures, and operations to meet the standards for security, availability, and confidentiality. The ISO/IEC 27001:2013 certification specifies security management best practices and controls for establishing, implementing, maintaining and continually improving an information security management system (ISMS) – the aim of which is to help organizations make the information assets they hold more secure. It ensures that our ISMS is fine-tuned to keep pace with changes to security threats, essential in the fast-paced world of IT security. ThoughtSpot submits to a re-certification audit every third year, inclusive of an annual surveillance audit. ThoughtSpot’s certificate can be found here.

We are not responsible for any interception or interruption of any communications through the internet or for changes to or losses of data. Users of the Software are responsible for maintaining the security of any password or another form of authentication involved in obtaining access to password protected. To protect you and your data, we may suspend your use of any of the Software, without notice, pending an investigation, if any breach of security is suspected.

For how long is my data retained?

For how long is my data retained?

For how long is my data retained?

For how long is my data retained?

There’s no personally identifiable data collected by Onramper itself. All personal data that is shared with Onramper by Fiat Gateways will be retained for a maximum of 24 months, or shorter where such data are no longer required for the purposes for which they are processed.

What are my rights relating to my data?

What are my rights relating to my data?

What are my rights relating to my data?

What are my rights relating to my data?

Under the European General Data Protection Regulation, you have certain rights regarding your personal information. You may ask us to take the following actions concerning your personal information that we hold:

  • Opt-out. Stop sending you direct marketing communications which you have previously consented to receive. We may continue to send you important Service-related and other non-marketing communications.

  • Access. Provide you with information about our processing of your personal information and give you access to your personal information.

  • Correct. Update or correct inaccuracies in your personal information.

  • Delete. Delete your personal information.

  • Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.

  • Restrict. Restrict the processing of your personal information.

  • Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.

You can submit these requests by email to compliance@onramper.com. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us at compliance@Onramper.com or submit a complaint to the data protection regulator in your jurisdiction.

Cross-Border Data Transfer

Cross-Border Data Transfer

Cross-Border Data Transfer

Cross-Border Data Transfer

Please be aware that your data might be transferred to, processed, and stored in the United States or other non-EEA jurisdictions. Whenever we transfer your personal information out of the EEA to the U.S. or countries not deemed by the European Commission to provide an adequate level of personal information protection, the transfer will be based on a data transfer mechanism recognized by the European Commission as providing adequate protection for personal information.

Cookie policy

For the processing of Product Usage Data, Device Data and Log Data, and the use thereof as described above, we may use cookies. Cookies are small files that are stored on a user’s computer. They are designed to hold a modest amount of data specific to a particular client or website and can potentially be accessed by us, as well as your personal computer.

Cookies could allow us to collect data automatically (some of which might be considered personal information. Cookies are either “session” cookies which are deleted when you end your browser session, or “persistent” cookies, which remain until their deletion by you (discussed below) or the party who served the cookie. Some Cookies are necessary for certain uses of the Site, and without such Cookies, we would not be able to provide you with functional access to the Site and/or Service. These ‘Necessary Cookies’ could, for example, enable us to remember your previous actions within the same browsing session and secure our Sites. They could also allow us to, for instance, deliver a page tailored to a user, based on the device you are using and the location you are in. Specifically, they allow us to save your cookie preferences!

Aside from this functional purpose, we mainly use cookies for the analytical purposes described in the section on ‘How we use your personal information above’. These ‘Analytical Cookies’, which allow us to use Google Analytics, may process and store information such as a user’s Internet Protocol (IP) address, internet service provider, device and browser type, browser version and settings, language preference, cache preferences, operating system, platform, device identifier, device type and manufacturer, location information, demographics, the pages or features of our Site and/or Service to which a user browsed and the time spent on those pages or features, the frequency with which the Site and/or Service is used by a user, search terms, the links on our Site that a user clicked on or used, timestamps and other statistics.

We may also use Google Analytics to help us offer you a better-optimized user experience. You can find more information about Google Analytics’ use of your data here.

Necessary cookies are crucial for the basic functions of the website and the website will not work in its intended way without them. These cookies do not store any personally identifiable data.

Cookie

Type

Duration

Discription

cookieyesID

http

1 year

Unique identifier for visitors used by CookieYes with respect to the consent

cky-consent

http

1 year

The cookie is set by CookieYes to remember the user’s consent to the use of cookies on the website.

cookieyes-necessary

http

1 year

This cookie is set by CookieYes and is used to remember the consent of the users for the use of cookies in the “Necessary” category

cookieyes-functional

http

1 year

This cookie is set by CookieYes and is used to remember the consent of the users for the use of cookies in the “Functional” category.

cookieyes-analytics

http

1 year

This cookie is set by CookieYes and is used to remember the consent of the users for the use of cookies in the “Analytics” category.

cookieyes-performance

http

1 year

This cookie is set by CookieYes and is used to remember the consent of the users for the use of cookies in the “Performance” category.

Analytical cookies are used to understand how visitors interact with the Site or Software. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc. and help us optimize the Site or Software.

Cookie

Type

Duration

Discription

_GA

http

2 years

A Google Analytics-related cookie used to distinguish users, in order to keep track of Product Usage Data over time.

_gid

http

24 hours

A Google Analytics cookie used to distinguish users

_gat

http

1 minute

Google Analytics cookie, used to throttle request rate.

AMP_TOKEN

http

30 second to 1 year

Google Analytics cookie that contains a token that can be used to retrieve a Client ID from AMP Client ID service.

_gali

http

session

_gali is used by Google Analytics to determine which links on a page that are being clicked.

How to disable Cookies?

How to disable Cookies?

How to disable Cookies?

How to disable Cookies?

Most internet browsers are initially set up to automatically accept cookies. If you do not want our websites to store cookies on your device, you can change your browser settings so that you receive a warning before certain cookies are stored. You can also adjust your settings so that your browser refuses most of our cookies or only certain cookies from third parties. You can also withdraw your consent to cookies by deleting the cookies that have already been stored.

If you disable the cookies that we use, this may impact your experience while on the Unilever website, for example, you may not be able to visit certain areas of a website or you may not receive personalized information when you visit a website.

If you use different devices to view and access the Site and/or Software (e.g., your computer, smartphone, tablet) you will need to ensure that each browser on each device is adjusted to suit your cookie preferences.

The procedures for changing your settings and cookies differ from browser to browser. If necessary, use the help function on your browser or click on one of the links below to go directly to the user manual for your browser.

To find out more about cookies, including how to see what cookies have been set on your PC and how to manage and delete them, visit www.allaboutcookies.org.

Contact info

Contact info

Contact info

Contact info

Email address: compliance@onramper.com