What Personal Information do we collect?
We do not currently collect any personally identifiable information from you directly. However, we still collect data that, while it doesn’t qualify as personally identifiable information, is treated with the highest standard of care.
The (categories of) data we may, now or in the future, process are:
- Transactional Data: information about your transaction history with Fiat Gateways, incl. the type of virtual financial assets involved, the order volume, price, value, and information on which bank is used for a transaction identified through the processing of a part of your credit card number. This does not include any Personally Identifiable Information.
The processing of any other data inserted by End-users when making use of services provided by Fiat Gateways is governed by the privacy policies of the individual Fiat Gateway(s) used by the End User. With regard to this data, Onramper does not act as a data controller.
What do we use your data for?
We may process Product Usage Data, Transactional Data, Device Data, and Log Data for us to:
- perform user analytics to keep track of usage and better understand our users; carry out research and development to improve our Site and/or Software,
- identify IT or network issues,
- identify mal-intended usage of our Site and/or Software,
- manage our Site and/or Software, system administration, and security,
- provide actionable data insights to Business Users,
- improve the way Fiat Gateways are selected and shown to the users,
- prevent fraud, money laundering or unauthorized use of our Software, and
- customize the content and layout of the Websites.
What is the legal basis for the processing of your data?
The processing of your Product Usage Data, Transactional Data, Device Information, and Log Data occurs for the purposes described above, based on our legitimate interests. These interests include improving, maintaining, providing and enhancing our Site and Software, our marketing interests, our need to contact Business Users with regard to use of our API/widget, our interests concerning ensuring the security of the Software and our Site, as well as our legitimate interest in being able to provide data insights to Business Users. We limit our collection and processing of data to what is necessary for these purposes, and this processing of personal information for our legitimate interests is not disproportionate to your data-protection interests, fundamental rights, and/or freedoms.
Do we share or transfer personal information with or to third parties?
In alignment with the purposes of processing, we share or transfer data with the following third parties:
- Google Analytics Data (Product Usage Data) gathered because of your usage of our Site might be stored on Google Analytics’ servers.
- We may provide Business Users with access to Transactional Data to provide them with actionable data insights.
- All other data is stored using Amazon Web Services, Snowflake and ThoughtSpot.
Again, note that all data processing regarding personal information inputted by End-Users to make use of services provided by Fiat Gateways is governed by the privacy policies of those individual Fiat Gateway(s) used by the End User. As such, even though Onramper may act as a data processor for those Fiat Gateways, all information regarding that processing of data is determined and provided by those Fiat Gateways in their privacy policies.
How is your personal information retained and secured?
Onramper does not itself store any cardholder information and does not qualify as a processor, merchant, or service provider as described under Payment Card Industry Data Security Standards (PCI DSS). While Onramper does not come under the scope of PCI-DSS, our existing security program already addresses many of its concerns. As we evolve our security program and processes, we will continue to assess the benefits of obtaining compliance.
Any information processed on, or through, Amazon Web Services is similarly secure by way of compliance with applicable industry-standard certifications and best practices. AWS has achieved numerous internationally-recognized certifications and accreditations, demonstrating compliance with rigorous international standards, such as ISO 27017 for cloud security, ISO 27701 for privacy information management, and ISO 27018 for cloud privacy, as well as SOC 2 and SOC 3 compliance.
Snowflake’s government deployments have achieved Federal Risk & Authorization Management Program (FedRAMP) Authorization to Operate (ATO) at the Moderate level. In addition, support for ITAR compliance, SOC 2 Type 2, PCI DSS compliance, and support for HITRUST compliance all validate the level of Snowflake security required by industries, and state and federal government.
ThoughtSpot has successfully completed the Service Organization Control (SOC) 2 Type II audit. The SOC 2 report verifies the suitability of the design and operating effectiveness of ThoughtSpot’s information security practices, policies, procedures, and operations to meet the standards for security, availability, and confidentiality. The ISO/IEC 27001:2013 certification specifies security management best practices and controls for establishing, implementing, maintaining and continually improving an information security management system (ISMS) – the aim of which is to help organizations make the information assets they hold more secure. It ensures that our ISMS is fine-tuned to keep pace with changes to security threats, essential in the fast-paced world of IT security. ThoughtSpot submits to a re-certification audit every third year, inclusive of an annual surveillance audit. ThoughtSpot’s certificate can be found here.
We are not responsible for any interception or interruption of any communications through the internet or for changes to or losses of data. Users of the Software are responsible for maintaining the security of any password or other form of authentication involved in obtaining access to password protected. To protect you and your data, we may suspend your use of any of the Software, without notice, pending an investigation, if any breach of security is suspected.
For how long is my data retained?
There’s no personally identifiable data collected by Onramper itself. All personal data that is shared with Onramper by Fiat Gateways will be retained for a maximum of 24 months, or shorter where such data are no longer required for the purposes for which they are processed.
What are my rights relating to my data?
Under the European General Data Protection Regulation, you have certain rights regarding your personal information. You may ask us to take the following actions concerning your personal information that we hold:
- Opt-out. Stop sending you direct marketing communications which you have previously consented to receive. We may continue to send you important Service-related and other non-marketing communications.
- Access. Provide you with information about our processing of your personal information and give you access to your personal information.
- Correct. Update or correct inaccuracies in your personal information.
- Delete. Delete your personal information.
- Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
- Restrict. Restrict the processing of your personal information.
- Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.
You can submit these requests by email to firstname.lastname@example.org. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us at compliance@Onramper.com or submit a complaint to the data protection regulator in your jurisdiction.
Cross-Border Data Transfer
Please be aware that your data might be transferred to, processed, and stored in the United States or other non-EEA jurisdictions. Whenever we transfer your personal information out of the EEA to the U.S. or countries not deemed by the European Commission to provide an adequate level of personal information protection, the transfer will be based on a data transfer mechanism recognized by the European Commission as providing adequate protection for personal information.
Cookies could allow us to collect data automatically (some of which might be considered personal information). Cookies are either “session” cookies which are deleted when you end your browser session, or “persistent” cookies, which remain until their deletion by you (discussed below) or the party who served the cookie. Some Cookies are necessary for certain uses of the Site, and without such Cookies, we would not be able to provide you with functional access to the Site and/or Service. These ‘Necessary Cookies’ could, for example, enable us to remember your previous actions within the same browsing session and secure our Sites. They could also allow us to, for instance, deliver a page tailored to a user, based on the device you are using and the location you are in. Specifically, they allow us to save your cookie preferences!
We may also use Google Analytics to help us offer you a better-optimized user experience. You can find more information about Google Analytics’ use of your data here.
Necessary cookies are crucial for the basic functions of the website and the website will not work in its intended way without them. These cookies do not store any personally identifiable data.
Unique identifier for visitors used by CookieYes with respect to the consent
Analytical cookies are used to understand how visitors interact with the Site or Software. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc. and help us optimize the Site or Software.
A Google Analytics-related cookie used to distinguish users, in order to keep track of Product Usage Data over time.
A Google Analytics cookie used to distinguish users
Google Analytics cookie, used to throttle request rate.
30 seconds to 1 year
Google Analytics cookie that contains a token that can be used to retrieve a Client ID from AMP Client ID service.
_gali is used by Google Analytics to determine which links on a page are being clicked.
How to disable Cookies.
Most internet browsers are initially set up to automatically accept cookies. If you do not want our websites to store cookies on your device, you can change your browser settings so that you receive a warning before certain cookies are stored. You can also adjust your settings so that your browser refuses most of our cookies or only certain cookies from third parties. You can also withdraw your consent to cookies by deleting the cookies that have already been stored.
If you disable the cookies that we use, this may impact your experience while on the Unilever website; for example, you may not be able to visit certain areas of a website or you may not receive personalized information when you visit a website.
If you use different devices to view and access the Site and/or Software (e.g., your computer, smartphone, tablet) you will need to ensure that each browser on each device is adjusted to suit your cookie preferences.
The procedures for changing your settings and cookies differ from browser to browser. If necessary, use the help function on your browser or click on one of the links below to go directly to the user manual for your browser.
To find out more about cookies, including how to see what cookies have been set on your PC and how to manage and delete them, visit www.allaboutcookies.org.
Email address: email@example.com