Last updated: October 16, 2018
As used herein, “Personal Information” means any information relating to an identified or identifiable natural person (each, a “Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, or an online identifier or to one or more factors specific to the physical, economic, cultural or social identity of that natural person.
PERSONAL INFORMATION WE COLLECT
The USA PATRIOT ACT requires all financial institutions to obtain, verify, and record Personal Information that identifies each person who opens an account. This federal requirement applies to all new users. This Personal Information is used to assist the United States government in the fight against the funding of terrorism and money-laundering activities. What this means for you: when you create an Abra Wallet, we ask you for your name, email address, mobile phone number and other identifying Personal Information.
Personal Information we collect may include the following:
Individual Users — Depending on your level of activity, Abra will attempt to collect, verify, and authenticate the following:
- Email address;
- Mobile phone number;
- Full legal name;
- Social Security Number (“SSN”) or a comparable government-issued identification number;
- Date of birth;
- Proof of identity (e.g., unexpired driver’s license, passport or other government-issued identification);
- Home address (not a mailing address or P.O. Box); and
- Additional Personal Information or documentation at the discretion of our Operations Staff.
Legal Entities — We attempt to collect, verify, and authenticate the following:
- Entity legal name;
- Employer Identification Number (“EIN”) or any comparable identification number issued by a government;
- Full legal name of all account signatories;
- Email address of all account signatories;
- Mobile phone number of all account signatories;
- Principal place of business and/or other physical location;
- Proof of legal existence (e.g., state certified articles of incorporation or certificate of formation, unexpired government-issued business license, trust instrument, or other comparable legal documents as applicable); and
- Documentation indicating that the signatories are authorized to act on behalf of the legal entity.
Device Information – Information automatically collected about the device used to access the Abra platform (such as, but not limited to, hardware, operating system, browser, etc.).
Location Information – Information automatically collected to determine your location, including your IP address and/or domain name.
Log Information – Information that is generated by your use of Abra that is automatically collected and stored in our server logs. This may include, but is not limited to, device-specific information, location information, system activity and any information related to Abra services you utilize.
Transactional Information – Information that is generated by your activity, including, but not limited to, trading activity, order activity, deposits, withdrawals, and wallet balances.
Correspondence – Information that you provide to us in correspondence, including creating a wallet or wallets, and with respect to ongoing user support.
Some of our web pages may contain “cookies”, or data that is sent to your web browser and stored on your computer. The purpose of these “cookies” is to allow our server to recognize you as a returning visitor, customize our services, content, and advertising; measure promotional effectiveness; help ensure that your account security is not compromised; mitigate risk and prevent fraud; and to promote trust and safety across our sites and services. We may also use trusted third-party services that track this information on our behalf. In the event you do not wish to receive such cookies, you may configure your web browser to not accept cookies or to notify you if a cookie is sent to you. You are free to decline cookies if your web browser permits, but you may not be able to use all the features and functionalities of our website. Abra does not link the information we store in cookies to any personally identifiable information you submit while on our website.
HOW WE USE AND SHARE THE PERSONAL INFORMATION WE COLLECT
The Personal Information we collect and the practices described above are done in an effort to provide you with the best experience possible, protect you from risks related to improper use and fraud, and help us maintain and improve the Abra platform.
We may share Personal Information with third-party service providers (including those that may be located outside of the United States or your country), who help us operate our platform and systems, and detect fraud and security threats during the normal course of our business. Such third-party service providers are subject to strict confidentiality obligations.
For example, we may use your Personal Information to:
Provide you with our services, including user support for Abra;
- Optimize and enhance our services for all users or for you specifically;
- Conduct anti-fraud and identity verification and authentication checks (you authorize us to share your Personal Information with our third-party service providers, who may also conduct their own searches of publicly available Personal Information about you);
- Monitor the usage of our services, and conduct automated and manual security checks of our services; and
- Create aggregated and anonymized reporting data about our services.
Abra may, under certain circumstances and in its sole discretion, disclose your information if we believe that it is reasonable to do so. Such disclosure or transfer is limited to situations where the personal data are required for the purposes of (1) provision of the services, (2) pursuing our legitimate interests, (3) law enforcement purposes, or (4) if you provide your prior explicit consent.
Such reasonable disclosure cases may include, but are not limited to:
- Satisfying any local, state, or Federal laws or regulations;
- Responding to requests, such as discovery, criminal, civil, or administrative process, subpoenas, court orders, or writs from law enforcement or other governmental or legal bodies;
- As may be necessary for the operation of Abra;
- Generally cooperating with any lawful investigation about our users; or
Be aware that Bitcoin, Litecoin, and other cryptocurrencies are not necessarily anonymous. Generally, anyone can see the balance and transaction history of any public cryptocurrency address. We, and any others who can match your public cryptocurrency address to other Personal Information about you, may be able to identify you from a blockchain transaction. This is because, in some circumstances, Personal Information published on a blockchain (such as your cryptocurrency address and IP address) can be correlated with Personal Information that we and others may have. This may be the case even if we, or they, were not involved in the blockchain transaction. Furthermore, by using data analysis techniques on a given blockchain, it may be possible to identify other Personal Information about you. As part of our security, anti-fraud and/or identity verification and authentication checks, we may conduct such analysis to collect and process such Personal Information about you. You agree to allow us to perform such operations and understand that we may do so.
Protection of Personal Data
We take the protection and storage of your personal data very seriously and take all reasonable steps to ensure the ongoing confidentiality, integrity, and availability of your personal data. We protect your personal data by using reasonable security safeguards against loss or theft, unauthorized access, disclosure, copying, use, or modification. Your personal data is stored behind secured networks and is accessible by a limited number of persons who have special access rights to such systems and are required to keep the personal data confidential. We implement a variety of security measures, such as encryption and anonymization when users enter, submit, or access their personal data to maintain the safety of their personal data. Please note, however, that no system involving the transmission of information via the Internet, or the electronic storage of data, is completely secure. Consequently, we are not liable for any loss, theft, unauthorized access, disclosure, copying, use, or modification of your personal data that occurs outside our reasonable control.
Should a personal data breach occur, we will inform the relevant authorities without undue delay and immediately take reasonable measures to mitigate the breach. We will notify you about such a breach via email as soon as possible but no later than within seven business days.
ACCURACY AND RETENTION OF PERSONAL INFORMATION
We take reasonable and practicable steps to ensure that your Personal Information held by us (i) is accurate with regard to the purposes for which it is to be used, and (ii) is not kept longer than is necessary for the fulfillment of the purpose for which it is to be used, which is when your business relationship with us ends, unless the further retention of your Personal Information is otherwise permitted or required by applicable laws and regulations.
ACCESS, CORRECTION, AND DELETION OF PERSONAL INFORMATION
You have the right to ascertain whether we hold your accurate and current Personal Information, to obtain a copy of the Personal Information that you submitted as permitted by law, and to correct any of your data that is inaccurate. You may also request that we inform you of the type of Personal Information we hold with regard to you, subject to restrictions on our providing copies of certain data pursuant to our obligations under the Bank Secrecy Act (“BSA”) and Anti-Money Laundering (“AML”) regulations and/or data provided to our legal counsel in defense of a claim against us. You may also request that we delete your Personal Information, subject to restrictions under applicable laws and regulations, such as those related to the BSA and AML. For data access, correction, or deletion requests, please contact email@example.com.
When handling a data access, correction, or deletion request, we check the identity of the requesting party to ensure that he or she is the person legally entitled to make such request. While our policy is to respond to such requests free of charge, we reserve the right to charge you a reasonable fee for compliance with your request should your request be repetitive or unduly onerous.
Subject to applicable laws and regulations, we may from time to time send direct marketing materials promoting services, products, facilities, or activities to you using information collected from you. We will provide you with an opportunity to opt-out of such communications and will only send them to you if you consent.
We do not sell user Personal Information to third parties for the purpose of marketing.
EU-U.S. PRIVACY SHIELD AND SWISS-U.S. PRIVACY SHIELD
As a global entity, Abra may store, transfer, and otherwise process your personal information in countries outside of the country of your residence, including the United States and possibly other countries.
Abra is responsible for the processing of personal information it receives under the Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf. Pursuant to the Privacy Shield Principles, Abra will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. We take all reasonable steps to ensure that personal information we process is limited to only what is relevant to the purposes for which it was collected and that it is accurate, complete, and up-to-date.
Abra complies with the Privacy Shield Principles for all onward transfers of personal information from the EU and/or Switzerland, including the onward transfer liability provisions. Consequently, before Abra shares your information with any third party that is not also certified under the EU-U.S. Privacy Shield and/or the Swiss-U.S. Privacy Shield Frameworks, Abra will enter into a written agreement that the third party provides at least the same level of privacy safeguard as required under those Frameworks, and assures the same level of protection for the personal information as required under applicable data protection laws.
COMPLAINTS ABOUT HANDLING OF PERSONAL DATA
After you submit such a complaint, we will send you an email within five business days confirming that we have received your complaint. Afterwards, we will investigate your complaint and provide you with our response within a reasonable timeframe.
If you are a European and/or Swiss Data Subject with an unresolved complaint or dispute arising under the requirements of the Privacy Shield Frameworks, you may refer your complaint under the Frameworks to an independent dispute resolution mechanism, free of charge to you. Our independent dispute resolution mechanism is JAMS Mediation, Arbitration and ADR Services (“JAMS”). You may contact JAMS at https://www.jamsadr.com/eu-us-privacy-shield.
We are also subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission with respect to the Framework. Please note that under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel if your complaint is not resolved through the mechanisms describes above.
If you are a resident of the European Union and you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with your local data protection authority.
If you are located in the EU or Switzerland and have questions or concerns regarding the processing of your Personal Information, you may contact us at: firstname.lastname@example.org or write us at:
Plutus Financial, Inc.
PO Box 390004
Mountain View, CA 94039