Last Updated August 25, 2018
1. About this Policy
1.1 We appreciate your interest in our products and services. Your privacy is important to us and we want you to feel comfortable with how we use and share your personal information.
1.2 This policy sets out how Ascent Organization LLC. / KOINASCENT.COM (hereinafter referred as the “Ascent”, “we”, “our” or “us”) handles your personal information, including when and why it is collected, used and disclosed and how it is kept secure (each and all referred to as “processing”). Ascent is a data controller for cryptocurrency transactions. As a data controller, we determine the means and purposes of processing data in relation to e-wallet and cryptocurrency transactions.
1.3 You will find our contact details at the end of this policy which you can use if you have any questions, including how to update or access your personal information or to make a
1.4 This Policy only applies to information we process. It does not apply to the practices of companies that we don’t own or control, or employees that we don’t manage. Information on our services may contain links to third party websites, and any information you provide to those sites will be covered by any privacy policies they may have. Please be sure to read the privacy policies of any third-party sites you visit. It is those sites’ responsibility to protect any information you give them, so we can’t be held liable for their wrongful use of your personally identifying information.
1.5 This policy may change, so please check this page from time to time to ensure that you’re happy with any changes.
1.6 This policy was last updated on 5 July 2018.
2. Your Personal Data and How We Use It
2.1 If you choose to create an account (“account”) with us, we require that you provide us certain Personal Information: your name (Last and First), country of residence, company name, date of birth, hash of the password. We will use your Personal Information to:
• Administer your Account; • Process your payments and transactions;
• Provide you with the Site, the Services, and customer support;
• Tailor the features, performance and support of the Site and/or Services to you;
• Market products and services to you that we believe may be of interest to you;
• Respond to your requests, resolve disputes and/or troubleshoot problems;
• Improve the quality of the Site and the Services; and
• Communicate with you about the Site and the Services.
We process your personal data because we have a legitimate interest in providing you with the best service, to verify your identity, and to comply with fraud and money laundering laws. Such processing is also a contractual requirement for you to use our services. Without such processing, you will not be able to use our services. Your personal data is protected by legal
rights which are detailed in Section 8.
2.2 We receive and store certain types of information automatically, such as whenever you interact with the Site or use the Services. This information does not necessarily reveal your identity directly but may include information about the specific device you are using, such as the hardware model, device ID, operating system version, web-browser software (such as Chrome, Safari, or Internet Explorer) and your Internet Protocol (IP) address/device identifier. We may also collect information about how your device has interacted with our website, including pages accessed and links clicked. We may use identifiers to recognize you when you arrive at the Site via an external link, such as a link appearing on a third party site. We process your personal information in order to satisfy our legitimate interest of enhancing security, monitoring and verifying identity or service access, combating spam or other malware or security risks and to comply with applicable security laws and regulations. Without processing your personal information, we may not be able to ensure the security of our Services. We collect some of this information using cookies – please see Cookies in Section 9 for further information.
2.3 KYC/AML If you choose to trade Tokens through our Site or Services we may require you to provide us with additional information such as your Ethereum address, driver’s license number and/or photocopy of government-issued IDs, and/or financial documents to prove your net worth. The information is collected to verify users, prevent fraud, and assure that only qualified investors, as defined by the law of appropriate jurisdiction, are participating in our service. This information is required for us to perform the purchase contract with you, and for us to comply with anti-money laundering and terrorist financing laws across jurisdictions, such as Know Your Client rule. The consequences of not processing your personal information for such purposes is the termination of your account as we cannot perform the Services in accordance with legal and regulatory requirements.
3. Providing Your Personal Data to Others
3.1 We may disclose your information to our third party service providers and other organizations for the purposes of providing services to us or directly to you on our behalf. We will never sell or rent your personal information. When we use third party service providers, we only disclose to them any personal information that is necessary for them to provide their service and we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions. We will only share your information with the following providers under the following circumstances:
• We may share your information with Thomson Reuters, and Onfido, companies located in the United States, for identity verification services in order to prevent fraud. This allows us to confirm your identity by comparing the information you provide us to public records and other third party databases. These service providers may create derivative data based on your personal information that can be used solely in connection with provision of identity verification and fraud prevention services.
• We may share your information with Google, Mailchimp, Postmark, Intercom, DoubleClick, and Facebook, companies located in the United States, to help us with parts of our business operations such as marketing, and technology services. Our contracts require these service providers to only use your information in connection with the services they perform for us, and prohibit them from selling your information to anyone else.
• We may also disclose your personal data to our auditors, lawyers, accountants, consultants and other professional advisors insofar as it is reasonably necessary for the purposes of obtaining professional advice or managing legal disputes and risks.
3.2 We may also transfer your personal information if we are under a duty to disclose or share it in order to comply with any legal obligation to detect or report a crime, to enforce or apply the terms of our contracts or to protect the rights, property or safety of our visitors and customers. However, we will always take steps with the aim of ensuring that your privacy rights continue to be protected.
3.3 If you use your Ascent Account to purchase or trade Tokens, the proof of the transaction will be displayed on Ethereum blockchain, which will contain a unique digital identifier code (hash). Although the proof of the transaction is public, the identity of the participants will remain private. The private information will be stored by us in compliance with regulatory and industry standards. This information is required for us to perform your purchase contracts. The consequences of not processing your personal information for such purposes is the termination of your account as we cannot perform the Services in accordance with legal and regulatory requirements.
4. Information We Receive from Others
4.1 We obtain information about you from public databases and ID verification partners, Thomson Reuters, and Onfido, for purposes of verifying your identity. ID verification partners use a combination of government records and publicly available information about you to verify your identity. Such information includes your name, address, job role, public employment profile, credit history, status on any sanctions lists maintained by public authorities, and other relevant data. We obtain such information to comply with our legal obligations, such as anti-money laundering laws. The basis for processing such data is compliance with legal obligations. In some cases, we may process additional data about you to ensure our Services are not used fraudulently or for other illicit activities. In such instances, processing is necessary for us to continue to perform our contract with you and others.
5. How we Protect and Store Personal Information
5.1 We store your information on our servers as well as on servers provided by Amazon Web Services (“AWS”). All services are maintained in the United States of America and all servers, which store your Identifiable Information, are secured and located in the United States of America. We use computer safeguards, such as firewalls and data encryption. We authorize access to your information only for those employees who require it to fulfill their job responsibilities and these employees are required to treat this information as confidential.
5.2 We will take reasonable precautions, as well as physical, technical, and organizational measures in accordance with industry standards to protect your Identifiable Information from loss, misuse, unauthorized access, disclosure, alteration, or destruction. Information you provide is transmitted to and stored by us using industry standard methods for each type of information.
6. Transfers of Your Information outside the European Economic Area
6.1 The information you provide to us is transmitted to, and stored at, servers in the United States. The information transfer is in compliance with the EU-U.S. Privacy Shield which is available at https://www.privacyshield.gov/welcome. The EU-U.S. Privacy Shield is an approved certification mechanism under Article 42 of the General Data Protection Regulation, which is permitted under Article 46(2)(f) of the General Data Protection Regulation. AWS is a participant in the EU/US Privacy Shield, under which transfers of personal data to the U.S. are authorized. You can access the European Commission decision on the adequacy of the EU-U.S. Privacy Shield at https://ec.europa.eu/info/law/law-topic/ data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en.
7. Retaining and Deleting Personal Data
7.1 Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
7.2 Users may request the deletion of their account by contacting us at the address provided below.
7.3. In some cases, it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the period we need to access the data for the provision of services, receiving payment, resolving your customer support issue or other issues or for any other auditing or legal reasons.
7.4. Notwithstanding the other provisions of this Section 7, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
8. Your Rights
8.1 In this section we have summarized the principal rights that you have under the data protection law. Some of the rights are complex, might contain restrictions depending on the legal basis for processing the data and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
8.2 Right to access: You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee. You can ask for your personal data by contacting our customer support.
8.3 Right to rectification: You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
8.4 Right to erasure: You have the right to the erasure of your personal data. We have described our policy for retaining and deleting personal data above in Section 7.
8.5 Right to object to processing: You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.
8.6 Right to data portability: To the extent that the legal basis for our processing of your personal data is consent, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and
freedoms of others.
8.7 Right to complain to a supervisory authority: If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. If you are a EU resident you may do so in the EU member state of your habitual residence, your place of
work or the place of the alleged infringement.
8.8 Right to withdraw consent: to the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
8.9 Without prejudice to the aforementioned, if we have reasonable doubts concerning the identity of a user exercising his/her rights referred to in Sections 8.2 to 8.8 or if we otherwise
due to security reasons deem it necessary, we may request the provision of additional information and otherwise use all reasonable measures necessary to confirm the identity of the user.
8.10 You may exercise any of your rights in relation to your personal data by contacting our customer support. Concerning “Right to erasure” users are also able to request the deletion of their account through our site.
9.3 You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Disabling cookies will result in disabling all functionality and features of this site. Therefore, it is recommended that you do not disable cookies.
10. Automated Decision-Making and Information Collected Automatically
10.1 Automated decision making means the ability to make decisions using technology, without human involvement. We may use automated decision making in processing your IP address and unique user, or session, ID for load balancing to determine which backend server will process the request. This information is required for us to perform your purchase contracts.
Please note that the automated decision making we use will not have a legal or similarly significant effect on our users.
10.2 We automatically receive and record information on our server logs from your browser, including how you came to and used the Services; your IP address; device type and unique device identification numbers, device event information (such as crashes, system activity and hardware settings, browser type, browser language, the date and time of your request and referral URL), broad geographic location (e.g. country or city-level location) and other technical data collected through cookies, pixel tags and other similar technologies that uniquely identify your browser. We may also collect information about how your device has interacted with our website, including pages accessed and links clicked. We may use identifiers to recognize you when you arrive at the Site via an external link, such as a link appearing on a third party site. We do not consider that this has any legal effect on you or similarly significantly affects you.
10.3 You have the right to object to our use of automatically collected information described in this section. You can do that by opting-out of cookies and similar technologies in accordance with the method described above. If you do not want us to process your actual IP address (usually the IP address assigned to you by your Internet Service Provider) when you visit our website, you can use a Virtual Private Network (VPN) or a free service such as Tor.
11. Children’s Privacy
11.1 Because we care about the safety and privacy of children online, we comply with the Children’s Online Privacy Protection Act of 1998 (COPPA). COPPA and its accompanying regulations protect the privacy of children using the internet. We do not knowingly contact or collect information from persons under the age of 16. The website is not intended to solicit information of any kind from persons under the age of 16.
11.2 It is possible that we could receive information pertaining to persons under the age of 16 by the fraud or deception of a third party. If we are notified of this, as soon as we verify the information, we will, where required by law to do so, immediately obtain the appropriate parental consent to use that information or, if we are unable to obtain such parental consent, we will delete the information from our servers. If you would like to notify us of our receipt of information about persons under the age of 16, please do so by sending an email to [email protected]
12. How to Contact Us
Data Protection contact details
Ascent Organization LLC – Privacy Compliance
1 Victoria Street, Hamilton HM 11, British Territory of Bermuda