Last updated: May 25, 2018
As used herein, “Personal Information” means any information relating to an identified or identifiable natural person (each, a “Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, or an online identifier or to one or more factors specific to the physical, economic, cultural or social identity of that natural person.
PERSONAL INFORMATION WE COLLECT
Section 326 of the USA PATRIOT ACT requires all financial institutions to obtain, verify, and record Personal Information that identifies each person who opens an account. This federal requirement applies to all new users. This Personal Information is used to assist the United States government in the fight against the funding of terrorism and money-laundering activities. What this means for you: when you open an account, we ask you for your name, email address, mobile phone number and other identifying Personal Information.
In addition, we are a global company and may conduct business and collect Personal Information from individuals and institutions located within the European Union (“EU”). We are required to protect Personal Information processed in the EU in accordance with the General Data Protection Regulation (“GDPR”). To understand more about how we protect the data we collect from individuals and institutions located within the EU, please see the section titled “Privacy Statement for Data Subjects Residing In The European Union,” below.
Personal Information we collect may include the following:
Individual User — Depending on your level of activity, Abra will attempt to collect, verify, and authenticate the following:
- Email address;
- Mobile phone number;
- Full legal name;
- Social Security Number (“SSN”) or any comparable government-issued identification number;
- Date of birth;
- Proof of identity (e.g., driver’s license, passport or government-issued ID);
- Home address (not a mailing address or P.O. Box); and
- Additional Personal Information or documentation at the discretion of our Operations Staff.
Legal Entities — We attempt to collect, verify, and authenticate the following:
- Entity legal name;
- Employer Identification Number (“EIN”) or any comparable identification number issued by a government;
- Full legal name of all account signatories;
- Email address of all account signatories;
- Mobile phone number of all account signatories;
- Principal place of business and/or other physical location;
- Proof of legal existence (e.g., state certified articles of incorporation or certificate of formation, unexpired government-issued business license, trust instrument, or other comparable legal documents as applicable); and
- Documentation indicating that the signatories are authorized to act on behalf of the legal entity.
Device Information – Information automatically collected about the device used to access the Abra platform (such as, but not limited to, hardware, operating system, browser, etc.).
Location Information – Information automatically collected to determine your location, including your IP address and/or domain name.
Log Information – Information that is generated by your use of Abra that is automatically collected and stored in our server logs. This may include, but is not limited to, device-specific information, location information, system activity and any information related to Abra services you utilize.
Transactional Information – Information that is generated by your activity, including, but not limited to, trading activity, order activity, deposits, withdrawals, and wallet balances.
Correspondence – Information that you provide to us in correspondence, including creating a wallet or wallets, and with respect to ongoing user support.
Some of our web pages may contain “cookies”, or data that is sent to your web browser and stored on your computer. The purpose of these “cookies” is to allow our server to recognize you as a returning visitor, customize our services, content, and advertising; measure promotional effectiveness; help ensure that your account security is not compromised; mitigate risk and prevent fraud; and to promote trust and safety across our sites and services. We may also use trusted third-party services that track this information on our behalf. In the event you do not wish to receive such cookies, you may configure your web browser to not accept cookies or to notify you if a cookie is sent to you. You are free to decline cookies if your web browser permits, but you may not be able to use all the features and functionalities of our website. Abra does not link the information we store in cookies to any personally identifiable information you submit while on our website.
HOW WE USE AND SHARE THE PERSONAL INFORMATION WE COLLECT
The Personal Information we collect and the practices described above are done in an effort to provide you with the best experience possible, protect you from risks related to improper use and fraud, and help us maintain and improve the Abra platform.
We may share Personal Information with third-party service providers (including those that may be located outside of the United States or your country), who help us operate our platform and systems, and detect fraud and security threats during the normal course of our business. Such third-party service providers are subject to strict confidentiality obligations. In addition, we may be compelled to share Personal Information with law enforcement, government officials, and regulators.
For example, we may use your Personal Information to:
Provide you with our services, including user support for Abra;
- Optimize and enhance our services for all users or for you specifically;
- Conduct anti-fraud and identity verification and authentication checks (you authorize us to share your Personal Information with our third-party service providers, who may also conduct their own searches of publicly available Personal Information about you);
- Monitor the usage of our services, and conduct automated and manual security checks of our services; and
- Create aggregated and anonymized reporting data about our services.
We do not sell user Personal Information to third parties for the purpose of marketing.
Be aware that Bitcoin, Litecoin, and other cryptocurrencies are not necessarily truly anonymous. Generally, anyone can see the balance and transaction history of any public cryptocurrency address. We, and any others who can match your public cryptocurrency address to other Personal Information about you, may be able to identify you from a blockchain transaction. This is because, in some circumstances, Personal Information published on a blockchain (such as your cryptocurrency address and IP address) can be correlated with Personal Information that we and others may have. This may be the case even if we, or they, were not involved in the blockchain transaction. Furthermore, by using data analysis techniques on a given blockchain, it may be possible to identify other Personal Information about you. As part of our security, anti-fraud and/or identity verification and authentication checks, we may conduct such analysis to collect and process such Personal Information about you. You agree to allow us to perform such operations and understand that we may do so.
If Abra stores or processes Personal Information, Abra protects data by using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure and alteration. Some of the safeguards Abra uses are firewalls and data encryption, physical access controls to data centers, and information access authorization controls. Abra’s employees, contractors and agents are subject to strict contractual confidentiality obligations and may access your Personal Information only on a need-to-know basis.
ACCURACY AND RETENTION OF PERSONAL INFORMATION
We take reasonable and practicable steps to ensure that your Personal Information held by us (i) is accurate with regard to the purposes for which it is to be used, and (ii) is not kept longer than is necessary for the fulfillment of the purpose for which it is to be used, which is when your business relationship with us ends, unless the further retention of your Personal Information is otherwise permitted or required by applicable laws and regulations.
ACCESS, CORRECTION, AND DELETION OF PERSONAL INFORMATION
You have the right to ascertain whether we hold your accurate and current Personal Information, to obtain a copy of the Personal Information that you submitted as permitted by law, and to correct any of your data that is inaccurate. You may also request that we inform you of the type of Personal Information we hold with regard to you, subject to restrictions on our providing copies of certain data pursuant to our obligations under the Bank Secrecy Act (“BSA”) and Anti-Money Laundering (“AML”) regulations and/or data provided to our legal counsel in defense of a claim against us. You may also request that we delete your Personal Information, subject to restrictions under applicable laws and regulations, such as those related to the BSA and AML. For data access, correction, or deletion requests, please contact firstname.lastname@example.org.
When handling a data access, correction, or deletion request, we check the identity of the requesting party to ensure that he or she is the person legally entitled to make such request. While we maintain a policy to respond to these requests free of charge, should your request be repetitive or unduly onerous, we reserve the right to charge you a reasonable fee for compliance with your request.
Subject to applicable laws and regulations, we may from time to time send direct marketing materials promoting services, products, facilities, or activities to you using information collected from you. We will provide you with an opportunity to opt-out of such communications and will only send them to you if you consent.
We will not provide your Personal Information to third parties for direct marketing or other unrelated purposes without your written consent.
PRIVACY STATEMENT FOR DATA SUBJECTS RESIDING IN THE EUROPEAN UNION
While users who are located in the EU are users of our US entity, we recognize and, to the extent applicable to us, adhere to relevant EU data protection regulations.
LAWFUL GROUNDS TO COLLECT AND PROCESS DATA
We process the Personal Information of Data Subjects who are located in the EU for one or more several lawful purposes, including:
- To comply with legal obligations: To comply with our obligations pursuant to Section 326 of the USA PATRIOT ACT, which requires all financial institutions to obtain, verify, and record Personal Information that identifies each person who opens an account.
- For Abra’s legitimate business purposes:
- To conduct anti-fraud, identity verification and authentication checks (you authorize us to share your Personal Information with our third-party service providers, who may also conduct their own searches of publicly available Personal Information about you);
- To monitor the usage of Abra, conduct automated and manual security checks of our service, to protect our rights and perform our lawful obligations;
- To provide you with our services, including user support; and
- To optimize and enhance Abra for all users.
INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
As a global entity, Abra may store, transfer, and otherwise process your personal information in countries outside of the country of your residence, including the United States and possibly other countries.
Abra participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. Abra is committed to subjecting all personal information received from EU countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov.
Abra is responsible for the processing of personal information it receives under the Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf. Pursuant to the Privacy Shield Principles, Abra will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. We will take all reasonable steps to ensure that personal information we process is limited to only what is relevant to the purposes for which it was collected and that it is accurate, complete, and up-to-date.
Abra complies with the Privacy Shield Principles for all onward transfers of personal information from the EU, including the onward transfer liability provisions. Consequently, before Abra shares your information with any third party that is not also certified under the E.U.-U.S. Privacy Shield Framework, Abra will enter into a written agreement that the third party provides at least the same level of privacy safeguard as required under those Frameworks, and assures the same level of protection for the personal information as required under applicable data protection laws.
If you are a European data subject with an unresolved complaint or dispute arising under the requirements of the Privacy Shield Framework, we agree to refer your complaint under the Framework to an independent dispute resolution mechanism. Our independent dispute resolution mechanism is JAMS Mediation, Arbitration and ADR Services (“JAMS”). You may contact the JAMS at https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim.
We are also subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission with respect to the Framework. Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel. In certain situations, Abra may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
NON-DISCLOSURE OF PERSONAL INFORMATION
Our employees are prohibited, either during or after their employment, from disclosing Personal Information to any person or entity outside of our company, including family members, except under the circumstances described above. An employee is only permitted to disclose the Personal Information of a user to such other employees who needs access to such information in order to deliver our services to that user.
OUR CONTACT INFORMATION FOR PERSONS LOCATED IN THE EU
If you are located in the EU or Switzerland and have questions or concerns regarding the processing of your Personal Information, you may contact us at: email@example.com or write us at:
Plutus Financial, Inc.
PO Box 390004
Mountain View, CA 94039
If, as an EU Citizen, you believe that we have not adequately resolved any such issues, you have the right contact the EU supervisory authority.