KASTA PRIVACY POLICY

This Privacy Policy describes Kasta’s policies and procedures on the collection, use, and disclosure of User’s information when they use the Services, access or visit the Website. This Privacy Policy is also intended to inform the User about their privacy rights.

All capitalized terms used in this Privacy Policy or in any notice given in connection with this Privacy Policy have the same meaning as in the Terms of Use, unless expressly defined otherwise herein.

This Privacy Policy is based on the requirements of European Union General Data Protection Regulation 2016/679 (“GDPR”) on the protection of individuals in relation to the processing of any information that relates to an identified or identifiable living individual (“Personal Datа”). Services and Website are operated by KASTA CCHS Ltd., with their registered address at 12 B "Tsar Ivan Asen II" Street, Sofia, Bulgaria, and registration number 206754233 (referred for the purposes of this Privacy Policy as the “the Company”, “Ka.app” or “Kasta”). The Company is the Personal Data controller within the meaning of the GDPR.

The Company collects Personal Data and uses this Personal Data only for the purposes of offering, providing and/or improving the Services, unless a reasonable assessment is made that this Personal Data shall also be processed for additional purposes. Users will be informed if the Personal Data is processed for additional purposes.

By accessing, joining the waitlist, registering an Account and/or expressing interest in the Services in any way stated on the Kasta Website, the User explicitly accepts and agrees to provide the Company, its parent companies, subsidiaries and/or affiliates with the required Personal Data. By using the Services, the User agrees to the current Privacy Policy.

The Company processes Personal Data on its own behalf, or jointly with other parties, such as banks, payment providers, know-your-customer (“KYC”) providers, crypto custodians, customer relationship management (“CRM”) tools, and other similar services.

This document contains the following information:

• Personal Data that the Company collects and how it is used;
• Purpose for the collection of Personal Data;
• How IP address and cookies are used;
• Sharing of Personal Data with third parties;
• Transmission of personal information outside of the European Union;
• What rights User’s have;
• Security measures to protect User Personal Data;
• Retention of Personal Data.
  

Type of information collected

The Company collects User’s Personal Data necessary for the identification and for the performance of the contractual and regulatory obligations of the Company. This information may include any or all of the following:

1. Name, date and birthplace, personal identification number (if applicable), citizenship, mailing address, telephone number, e-mail address;
2. Identification documents (for example, passport or state issued ID);
3. Photo or video as required by KYC provider procedure;
4. Data regarding User’s professional activities or employment;
5. Purpose for establishing the Account, real and expected volume of Transactions, financial information, source of funds/wealth;
6. Data related to payments, including credit or debit card number, bank account and other payment information;
7. Digital Assets wallet addresses;
8. Usage Data such as: User’s Internet Protocol (IP) address, browser type, browser version, pages visited, links clicked on, the time and date of User’s visit, time spent on those pages, Services viewed or searched for, page response times, unique device identifiers and other diagnostic data, mobile network information, type of mobile device used, mobile device unique ID, operating system;
9. Information stored on your device, including if you give us access to contact information from your contacts list. The Ka.app will regularly collect this information in order to stay up to date (but only if you have given us permission).
10. Data related to the use of Cookies or other tracking data;
11. Information about the Orders made and/or executed by the Users, including the quantity of the relevant Digital Assets and other information related to the Transactions;
12. Information about the User's location;
13. Data from QR or other barcodes scanned by the User's camera phone.

2. Purpose of the collection of Personal Data

Kasta collects and processes Personal Data for the following purposes:

1. Verification of the User’s identity;
2. To provide, maintain and improve the Services, including monitoring the usage of our Services; provide functionality, analyze performance, fix errors, and improve the usability and effectiveness of Services;
3. To manage User's Account and provide access to different Service functionalities;
4. For the performance of a contract including the execution of contracts related to cryptocurrency and/or Digital Assets transactions or compliance requirements related to those contracts;
5. To contact Users by email, telephone, SMS, or other equivalent forms of electronic communication, regarding updates or information related to the functionalities, products or contracted Services, including the security updates;
6. To provide Users with news, special offers and general information about other goods, services and events that the Company offers now or may offer in the future;
7. To manage User’s customer service requests;
8. For business transfers including evaluation or completion of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data is among the assets transferred;
9. For data analysis including but not limited to identifying usage trends, determining the effectiveness of our promotional campaigns and evaluating and improving Kasta Services, products, marketing and the User’s experience;
10. For compliance with Company’s legal obligations;
11. For targeting, modeling, or advertising purposes.

3. Categories of Third Parties Receiving Personal Data

In accordance with the requirements of the GDPR, the Company has the right to disclose Personal Data that it processes to the following categories of recipients:

1. To natural persons to whom the Personal Data relates;
2. To third parties, individuals, legal entities, public bodies, institutions and agencies, in fulfillment of legal or contractual obligations or on another valid legal basis, such as detection, prevention or other acts of fraud, technical security or security issues;
3. To banks, or similar payment or financial service providers;
4. To persons who maintain equipment and software used for processing User’s Personal Data;
5. To service providers to monitor and analyze the use of the Service and to other service providers;
6. For business transfers including the negotiations, merger, sale of Company’s assets, financing, or acquisition of all or a portion of our business with another company;
7. With other entities such as the Company’s parent companies, licensors and/or affiliates or any other subsidiaries, joint venture partners or other companies that the Company controls or that are under common control;
8. With our business partners to offer User certain products, services or promotions;
9. Users who choose to share personal information or otherwise interact in public may have this information viewed by other Users who may publicly distribute this information;
10. With professional consultants such as auditors, lawyers, tax and financial advisors etc.;
11. For any other purpose with Users  consent.

4. Transfer of Personal Data to a third country or international organizations

The Personal Data is processed at the Company’s offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of User’s state, province, country or other governmental jurisdiction where the Personal Data protection laws may differ, from those from User’s jurisdiction. This may include protections less than would be found in the European Union or the European Economic Area. Users consent to this Privacy Policy represents an agreement to this transfer.

The Company will take all steps reasonably necessary to ensure that the transferred Personal Data is treated securely and in accordance with this Privacy Policy and no transfer of the Personal Data will take place to an organization or a country unless there are adequate controls in place for the security of Personal Data.

5.Retention of the Personal Data

The Company will retain the Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. The Company will retain and use the Personal Data collected to the extent necessary to comply with our legal obligations and applicable laws, to resolve disputes, and enforce our policies. Usage Data, including the types of data listed in 1(viii), is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of the Service, or the Company is legally obligated to retain this data for longer time periods.

Personal Data for which there is no explicit legal obligation for storage will be deleted after achieving the purposes for which the Personal Data was collected and processed.

6. Security measures for Personal Data protection

The protection of information and Personal Data is a top priority of the Company, but no method of transmission over the Internet, or method of electronic storage is 100% secure, and the Company cannot guarantee its absolute security. The Company constantly implements and updates technical and organizational measures to ensure Personal Data protection. The Company regularly executes reviews of all procedures and rules for Personal Data collection, storage and processing.

7. What are User’s rights in connection with the processing of Personal Data by the Company

Users have the following rights with regard to their Personal Data:

1. To receive information about their Personal Data which the Company collects. The Company will provide information and/or access to Personal Data collected or processed if a User requests such information to Company’s customer services;
2. To request that Personal Data be corrected when it is inaccurate or should be supplemented in view of the purposes of processing. For Personal Data that Users can not correct through their Account, a request can be submitted in accordance with the procedure described in this Privacy Policy;
3. To request deletion of Personal Data in the following circumstances: when it is no longer needed for the purposes for which they were collected or processed; if explicit consent was required and withdrawn; if there no longer exists a legal or contractual basis for processing the Personal Data or through a judicial order or a change in the relevant regulations. It is not possible to request the immediate deletion of Personal Data in every circumstance, for example if there is a regulatory obligation to maintain the Personal Data;
4. To request limitation of the processing of Personal Data where the processing may violate applicable regulations but the User only wishes to limit the processing of that Personal Data;
5. To request the transfer of Personal Data. The right to portability applies to Personal Data where the processing is based on the Users explicit consent or contractual obligation and the processing is carried out in an automated manner;
6. To object to the Company about the processing of Personal Data. As per the requirements of the GDPR, the Company will answer within one month, whether it considers the objection justified and within the regulatory requirements;
7. To withdraw consent to the processing of Personal Data if the processing was based solely on the User’s consent;
8. To send a complaint to the competent Personal Data protection authority in case the User believes their rights have been violated. A list of all national and regional Personal Data protection authorities in the EU is available on this website – https://edpb.europa.eu/about-edpb/about-edpb/members_en .

8. Automated decisions

The Company may make automated decisions about the User. This means that the Company may use technology that can evaluate the User’s personal circumstances and other factors to predict risks or outcomes. This is needed for the efficient running of the Service and to ensure decisions are fair, consistent and based on the right information. Where an automated decision is made about a User, the User has the right to ask that the decision be manually reviewed.

9. Cookies

Cookies and other tracking technologies (“Cookies”) are used to monitor and observe the use of the Service.

Cookies are small text files created and stored on a hard drive by internet browser software, which holds relevant information about the web page. The Company may use Cookies to collect and process information about User’s visits to the Website, such as the pages visited, the Website Users come from, and some of the searches Users perform. Kasta uses this information to improve the content of the Website, and Services and to collect aggregate statistics of visitors to the Website for internal purposes in connection with market research. Kasta may also use Third-Party Services which assist the Company in collecting and processing the information described in this section. Most internet browsers allow Users to disable Cookies, however this may reduce Website function. Cookies can be Persistent Cookies or Session Cookies. Persistent Cookies remain on the User personal computer or mobile device when the User goes offline, while Session Cookies are deleted as soon as the User closes the web browser.

The Company uses both Session and Persistent Cookies for the purposes set out below:

• Necessary / Essential Cookies

Type: Session Cookies

Administered by: Kasta

Purpose: These Cookies are essential to provide Users with the Services available through the Website and to enable the use of some of its features. They help to authenticate Users and prevent fraudulent use or help detect any problems with the Website. Without these Cookies, the Website will either not work at all or may not perform as expected and result in poor user experience.

• Marketing Cookies

Type: Persistent Cookies

Administered by: Kasta

Purpose: These Cookies are frequently used to track User preferences and/or browsing, send advertising, or track the User on the Website or across several websites for similar marketing purposes. Kasta may use Third-Party Services which may include GoogleAds, DoubleClick, AddThis WordPress plugins, Remarketing pixels, Social Media cookies.

• Cookies Policy / Notice Acceptance Cookies

Type: Persistent Cookies

Administered by: Kasta

Purpose: These Cookies identify if Users have accepted the use of Cookies on the Website and/or the Cookie preferences of the respective Users.

• Functionality Cookies

Type: Persistent Cookies

Administered by: Kasta

Purpose: These Cookies allow the Company to remember the choices Users make when they access the Website, such as remembering login details, location and/or language preference. The main purpose of these Cookies is to provide the User with a more personal experience and/or enhanced content. Thus resulting in a better user experience whilst using the website.

Apart from Cookies, the Company may use similar tracking technologies to track the Services, store certain information, and improve and analyze the Services. These technologies may include:

• “Internet tags” can be placed both in online ads that lead Users to the Website and on various pages on the Website. This technology is used to measure the response of visitors to the webpage and the effectiveness of the advertising campaigns (including how many times a page has been opened and what information has been viewed), as well as to evaluate Users’ use of the Website.
• “Pixel tags” are small blocks of code on a webpage. They can include information such as the IP address, the time the pixel was viewed and the type of browser being used.

The Services may contain links to other websites that are not operated by the Company. It is advised that the User review the Privacy Policy of every Third-Party website that they visit. Kasta has no control over and assumes no responsibility for the content, privacy policies or practices of any Third-Party Services or sites.

10. Children’s privacy

The Service does not address anyone under the age of 18. The Company does not knowingly collect personally identifiable information from anyone under the age of 18. If the Company becomes aware that Personal Data was collected from anyone under the age of 18 without verification of parental consent, the information will be removed.

11. Changes to Privacy Policy

This Privacy Policy may be updated from time to time. Users are advised to review this Privacy Policy periodically for any changes. If required, will be published as deemed appropriate.

Changes to this Privacy Policy are effective when this page is updated.

If Users do not agree with the revised content, they should stop the use of the Services immediately. Continuing to use the Services is acceptance of changes to the Privacy Policy.

12. Unsubscribe

The email address provided when joining the waitlist, subscribing to Kasta communication/social channels and/or during the opening of an Account, or otherwise, may be used to send information and updates related to the Services, Orders and/or Transactions, and less frequently for news about the Company and/or the products the Company offers. Users can unsubscribe from receiving emails not specifically related to the Services, their Orders and/or Transactions by clicking the appropriate button at the end of each email.

Unsubscribing from marketing emails will have no effect on functionality emails such as a password reset or Transaction confirmation.

13. Submitting a request

Users may submit requests to the Company based on their rights described in this Privacy Policy by contacting the Company at the address given in this Privacy Policy. If the relevant information provided is incomplete and/or incorrect, it may not be possible to fulfill the request.

14. Contact us

For any questions about this Privacy Policy, please contact us at email: info@kasta.io and / or 12 B "Tsar Ivan Asen II" Str., Sofia, Bulgaria.