Privacy Policy

1. Personal Data We Collect

Ramp collects certain personal data about you and your use of the Service. This information falls into three primary categories: (1) information you provide to us, (2) information we collect from you automatically, and (3) information we collect from third parties. Personal data is any information that identifies or makes an individual identifiable.

‍
Information you provide to us. Collection of this personal data is either required by law, or necessary to provide the requested service. We may collect the following types of personal data from you:

• Personal Identification Information: Full name, date of birth, place of birth, and/or email address.
• Financial Information, i.e. crypto currency addresses information, wallet address, transaction history, trading date
• Customer Service: Records and copies of your correspondence (including email addresses), if you contact us via email or via online chat feature.
• Employer/employee Information: Start date, company name, and/or title, education and training Information (schools/universities attended, course of study, academic grades, degrees obtained, and/or professional certification and licenses).

‍
Information we automatically collect from you. To the extent permitted under the applicable law, we may collect certain types of information automatically, such as whenever you interact with the Sites or use the Services. This information helps us address customer support issues, improve the performance of our Sites and Services, provide you with a streamlined and personalized experience, and protect your account from fraud by detecting unauthorized access. We may collect following types of information automatically from you:

• Information About Your Use of the Service: when you browse our Sites, we automatically collect information such as your web request, Internet Protocol (“IP”) address, browser type, domain names, referring and exit pages and URLs, pages viewed and the order of these page views, and/or the date and time you accesses our servers.

‍
Information we collect from third parties. From time to time, we may obtain information about you from third party sources as required or permitted by law such as your service providers and through publicly available sources. For example, payment providers you use to transfer money to us will provide us with your basic personal information, such as your name and address, as well other data necessary to carry out transactions. We may also collect data from AISP if you choose to use this identification and/or payment method (on the basis of your explicit consent given to AISP to obtain account information).

‍

‍

2. Cookies and Similar Tracking Technologies

We and third parties on our behalf may employ various tracking technologies, such as cookies and other similar technologies (collectively, “Tracking Technologies”) to collect additional Personal data automatically as you interact with our Services, that help us to personalize your experience with our Service, and help us better manage content on our Service by informing us what content is effective.

‍

Cookies

Cookies are small text files that a website can use to recognize a repeat visitor to the Sites. We may use cookies and similar technologies for various purposes, including to:

• Analyze our web traffic using an analytics package
• Identify whether you already visited our Sites
• Test content on our Sites
• Store information about your preferences
• To recognize when you return to our Sites

‍

Our Sites may use a ‘load balancer’ to store an identifier on your browser to help keep you connected to the same web server throughout your visit, for a smoother browsing experience. Similarly, session cookies enable our individual web servers to keep track of your progress throughout your visit. When you submit data through a form such as a contact page or comment box, cookies may be set to remember your user details for future correspondence.

‍

We may use the following third-party cookies:

• Google Analytics - website traffic tracking and user targeting. It helps us to analyze how you use our Sites.
• Intercom Live Chat - built-in online chat for customer support. It helps us communicate with you.
• Cloudflare - to keep the connection stable and to identify spammers.

‍

If you do not want Ramp to deploy cookies in your browser, you can opt-out by setting your browser to refuse some or all cookies, or notify you when a website tries to set a cookie in your browser software. If you choose to disable cookies in your browser, you can still use the Website, although your ability to use some of the features may be affected. If you want to learn the correct way to modify your browser settings, please use the Help menu in your browser or review the instructions provided by the following browsers: Internet Explorer, Google Chrome, Mozilla Firefox, Safari Desktop, Safari Mobile; and Android browser.

‍

If you want to exercise your rights regarding personal data collected via cookies and similar tracking technologies, please the Your Rights and Choices section below.The information generated by the cookies will be transferred to Google, and Intercom and Cloudflare in the above-mentioned scope. Therefore, we would like to inform you that detailed information on the use of cookies by these entities can be found at:

• Google link
• Intercom link
• Cloudflare link

‍

Analytics

Our Sites and our third-party technology providers use third-party analytics services (such as Google Analytics) to evaluate your use of the Sites, compile reports on activity, collect demographic data, analyze performance metrics, and collect and evaluate other information relating to the Sites and Internet usage. These third parties use cookies and other technologies to help analyze and provide us the data. For more information on how to opt-out Google Analytics tracking, click here.

‍

‍

3. Why We Use Your Personal Data

Our primary purpose in collecting personal data is to provide you with a secure, smooth, efficient, and customized experience. In general, we use personal data to create, develop, operate, deliver, and improve our Services. We may use your personal data to:

‍

1. Provide Ramp’s Services. We process your personal data to provide the Services to you. For example, when you fund your Ramp account, we require certain information such us your identification, payment information. We will not be able to provide you with Service without such information. Third parties such as identity verification services may also access and/or collect your personal data when providing identify verification and/or fraud prevention services.
2. Maintain Legal and Regulatory Compliance. Ramp’s core Services are subject to laws and regulations requiring us to collect, use, and store your personal data in certain ways. For example, Ramp must identify and verify customers using our Services in order to comply with anti-money laundering laws of various jurisdictions. If you do not provide personal data required by law, we will have to close your account.
3. Enforce Terms in Our Agreements. Ramp handles sensitive information, such as your identification and financial information, so it is very important for us and our users that we actively monitor, investigate, prevent, and mitigate any potentially prohibited or illegal activities, enforce our agreements with third parties, and/or prevent and detect violations of our posted Terms of Service.
4. Detect and Prevent Fraud and Security Risks. We may process your personal data to help monitor, prevent and detect fraud and abusive use of our Service, enhance security, and combat other security risks what might result in funds loss.
5. Response to Requests. We may process your personal data when you contact us, such as with questions, concerns and feedback. We may share this information with our service providers or partners to the extent necessary to provide you a response.
6. Provide Services Communications. We may send administrative, account and/or transaction related communications to you to keep you updated about our Services, inform you of relevant security issues, or provide other information related to your transactions.
7. Provide Marketing Communications. We may process your personal data or service usage information to send you marketing communications that we believe may be of interest to you, such as marketing newsletters and commercial information about our Services. We only process your personal data for this purpose with your consent and you may opt out from receive marketing communication when registering an account with us.
8. Research and Development of Our Services. We process your personal data to build statistical models, to better understand the way you use and interact with our Services to improve our existing Services and to build new Services.
9. Personalize Your Experience. As permitted under the applicable law, we may also use cookies to process your information to personalize your experience and to enable you to more easily interact with our Services across platforms and devices. Please see Cookies and Other Similar Tracking Technologies section for more information.
10. Facilitate Corporate Acquisitions, Mergers and Transactions. We may process any information regarding your account and use of our Services as is necessary in the context of corporate acquisitions, mergers, or other corporate transactions.
11. With Your Consent. For any other purpose disclosed to you prior to you providing us your personal information or which is reasonably necessary to provide the services or other related services requested, with your permission or upon your direction.

‍

‍

4. Legal Bases for Processing Your Personal Data

For individuals who are located in the European Economic Area, Switzerland or the United Kingdom (collectively, “Europe Residents”) at the time of data collection, our legal bases for processing your information under the applicable data protection laws will depend on the personal data at issue, the specific context in the which the personal data is collected and the purposes for which it is used. We generally only process your data where we are legally required to; where processing is necessary to perform any contracts we entered with you or to take steps at your request prior to entering into a contract with you; where processing is in our legitimate interests to operate our business and not overridden by your data protection interests or fundamental rights and freedoms,; or where we have obtained your consent to do so,. Below is a chart showing how Ramp uses your personal data, as described above in Section 3, with the corresponding legal bases for processing.

5. How We Share Your Personal Data

We share your personal data as needed to fulfill the purposes described in this Policy and as permitted by applicable law. We may share your personal fata in the following circumstances:

• Within Our Corporate Organization. We may share information between and among Ramp subsidiaries and affiliated companies for purposes of KYC/CDD checks, fraud detections, decision making, customer support, and other business purposes.
• When We Work with Service Providers. We may share your information with service providers that provide us with support services, such as secure website hosting, cloud storage, information technology maintenance, transaction monitoring, network infrastructure, payment processing, security, fraud detections, KYC/CDD checks, customer support and analytics.
• With Payment Processors. Upon your authorization, we may share your personal data with financial institutions that we partner with to process payments.
• With Our Professional Business Advisors. We may share your personal data with our professional advisors who provide banking, legal, compliance, and other consulting services in order to complete required legal audits of our operations, or otherwise comply with our legal obligations.
• Corporate Transactions. We may disclose personal data to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal data held by us is among the assets transferred. By engaging with us or using our Services, you understand and agree to our assignment or transfer of rights to your personal data.
• As Required by Law. We may disclose your information if we believe that the disclosure is required by law, if we believe that the disclosure is necessary to enforce our agreements or policies, in response to valid requests by public authorities (e.g., a court or a government agency), or if we believe that the disclosure will help us protect the rights, property, or safety of Ramp or our customers.
• With Your Consent. We may disclose your personal data for any purpose with your consent. For example, to other data controllers whose terms of service you consented to.

‍

‍

6. Third-Party Sites and Services

Our Services may contain links to third-party websites. Please note that third parties you interact with may have their own privacy policies, and Ramp is not responsible for their operations or their use of data they collect. We encourage you to check the applicable third-party privacy policy and terms of use when visiting or using any third-party services.

‍

‍

7. Your Rights and Choices

Depending on the applicable law where you reside, you may exercise the following rights. We may limit these privacy rights requests: (1) when denial of access is required or authorized by law; (2) when granting access would have a negative impact on another's privacy; (3) to protect our rights and properties; (4) where the request is frivolous or burdensome. If you would like to exercise your rights under applicable law, please contact us at dpo@ramp.network. We may seek to verify your identity when we receive your privacy rights request to ensure the security of your personal data.

‍

• Right to access. You may have the right to obtain a copy of your personal data that we hold about you, as well as other supplementary information, such as the purposes of processing, the categories of personal data that Ramp processes, and the entities to whom Ramp discloses your personal data.
• Right to rectification. You have the right to request us correct any of your personal data in our files.
• Right to erasure. Under certain circumstances, you may have the right to the erasure your personal data that we hold about you. For example, when the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed, or when you withdraw your consent for processing, you may request to delete such information. To note, this right is not absolute, and we may refuse your right to erasure if there is compelling legitimate grounds for keeping your personal data.
• Right to restriction. You have the right to request that we restrict our processing of your personal data in certain circumstance. For instance, this right is available if you contest the accuracy of the personal data or you objected to processing and Ramp is in the process of verification of the lawful grounds for processing.
• Right to object to processing. You have the right to object to our processing of your personal data at any time and as permitted by applicable law if we process your personal data on the legal bases of: consent, contract, or legitimate interests (See Section 6 above). However, we may continue to process your personal data if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law.
• Right to withdraw consent. You have the right to withdraw your consent to the processing of your personal data collected on the basis of your consent at any time. Your withdrawal will not affect the lawfulness of our processing based on consent before your withdrawal.
• Right to portability. Under circumstances, you may have the right to receive personal data we hold about you in a structured, commonly used, and machine-readable format so that you can provide that personal data to another controller.
• Automated individual decision-making, including profiling. You have the right not to be subject to a decision based solely on automated processing of your personal data, including profiling, which produces legal or similarly significant effects on you, save for the exceptions applicable under relevant data protection laws. We do not engage in this type of automated processing.
• If you believe we have infringed or violated your privacy rights, please contact us at dpo@ramp.network. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal Data in accordance with this Policy.
• If you are a resident of the EU, UK or Switzerland and feel that your personal data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with your local data protection authority about our collection and use of your personal data.

‍

‍

8. International Transfer of Personal Data

Our Service is operated in the European Economic Area (EEA), the United Kingdom, the United States, and potentially elsewhere. For EEA Residents, the personal data we collect from you will not be transferred to or stored outside of the EEA unless you consent to authorizing a U.S. payment processing services providers or Ramp’s U.S. affiliates and partners to fulfill the transactions. If you choose to authorize such transactions, you hereby irrevocably and unconditionally consent to the transfer, processing, and use of your information in the United States.

‍
If we transfer your personal data outside of the EEA and UK to a data processor, we will ensure that the transfer is lawful and that data processors in third countries are obliged to comply with the European Union (EU) General Data Protection Act 2016 and the UK Data Protection Act 2018.

‍
We will protect your personal data in accordance with this Policy wherever it is processed and will take appropriate contractual or other steps to protect the relevant personal data in accordance with applicable laws. We contractually obligate recipients of your personal data to agree to at least the same level of privacy safeguards as required under applicable data protection laws.

‍

‍

9. Retention of Your Personal Data

We will only retain your personal information for as long as it is necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting obligations or to resolve disputes. For example, for the purposes of our compliance with Anti-Money Laundering obligations, we will store your personal data for five years beginning on the date on which our business relationship has come to an end.
‍

We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes.

‍

‍

10. How We Protect Your Personal Data

We maintain (and contractually requires third parties that shares your personal data to maintain) appropriate physical, technical and administrative safeguards to protect the security and confidentiality of your personal data both during transmission and at rest. For example, we use industry standard encryption methods, such as TLS/SSL protocol, for all data transmissions and we store all data in encrypted databases to ensure the security of your data.

‍
Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. We cannot guarantee that the information you supply will not be intercepted while being transmitted over the Internet. In particular, e-mail sent to us may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail (and please do not send us sensitive information, such as payment card information or government issued IDs). You are responsible for protecting your password(s) and maintaining the security of your browsers and devices.

‍
If you have reason to believe that your personal data is no longer secure, please contact us immediately at: dpo@ramp.network.

‍

‍

11. Notice to California Residents

This section only applies to California residents. The purpose of this section is to inform California residents (“consumers” or “you”), at or before the time of collection of “personal information” (as that term is defined in the California Consumer Privacy Act (“CCPA”)), about our data collection practices and your privacy-related rights under California law). Your “right to know” about personal information collected, used, and disclosed by Ramp includes what categories of personal information we collect from you and the purpose for its collection; how we use those categories of personal information; and how we share the personal information you entrust to us.

‍

Categories of Personal Data Collected

The chart below describes the categories of personal information that Ramp has collected in the preceding 12 months, the sources and purpose of such collection, and the parties to whom the information was shared for business purpose.

Rights Under the CCPA

Access to Specific Information and Data Portability Rights – Subject to certain exceptions, if you are a California resident you have the right to request a copy of the personal information that we collected about you during the 12 months before your request. Once we receive your request and verify your identity, we will disclose to you:The categories of personal information we have collected about you;

• The categories of sources for the personal information we have collected about you;
• Our business or commercial purpose for the information collection;
• The categories of third parties with whom we share that personal information; and
• The specific pieces of personal information we collected about you.

‍

Sale of Personal Information – You have the right to request that we disclose to you: the categories of your personal information that we sold, and the categories of third parties to whom your personal information was sold. Ramp does not sell your personal information in its ordinary course of business and will never sell your personal information to third parties without your explicit consent.

‍

Deletion Request Rights – Subject to certain exceptions, you have the right to request that we delete any of your personal information that we collected from you and retained.

‍

Non-Discrimination – We recognize and respect that you have the right to not receive discriminatory treatment by the business for exercising any of your CCPA rights.

‍

Exercising Access, Data Portability, and Deletion Rights – To exercise the access, data portability, and deletion rights described above as a California resident, please submit a verifiable consumer request to us by contacting us as described in the “Contact Us” section below.

‍

Use of an Authorized Agent to Submit a Request – Only you or a person you formally authorize to act on your behalf, may make a verifiable consumer request related to your personal information as a California consumer. If you use an authorized agent to submit such a request, we will require written proof that the authorized agent has been authorized to act on your behalf or a copy of the power-of-attorney document granting that right.

‍

‍

12. Children’s Personal Data

We do not knowingly request to collect personal data from any person under the age of 18. Hereinafter “Child”. If a user submitting personal data is suspected of being under the age of 18, we will require the user to close his or her account, terminate the user’s access to our Service, and take steps to delete the personal data collected as soon as possible. If you know of any Child using our Services, please notify us via the method identified in the Contact Us section below so we can take action to prevent access to our Services.

‍

‍

13. Contact Us

If you have any questions or concerns regarding this Privacy Policy, or if you have complaint, please contact the operating entities listed below for the area where you are a resident of:

‍

1. If you reside in the European Economic Area or the United Kingdom, the controller of your personal information is Ramp Swaps Ltd - a British private limited company, with its registered office in London 5th Floor, Gilray House, 146-150 City Road, London, England, EC1V 2NL. You may contact us via e-mail at: dpo@ramp.network, or by other means of communication, as referred to in the Customer Support and Complaints Handling Policy.
2. If you reside in the European Economic Area, you may reach our member representative, Data Officer, by emailing them at dpo@ramp.network.
3. If you reside in the United States, the controller of your personal data is Ramp Swaps LLC, with registered office in 8 The Green, STE B, Dover, County of Kent, DE 19901. You may contact us dpo@ramp.network.