Privacy Policy (V2) 31st December 2024

1. Introduction

   IRAMP SPÓŁKA Z O.O. (“iRamp”) is committed to protecting your personal data in compliance with the General Data Protection Regulation (GDPR) and the Markets in Crypto-Assets Regulation (MiCA). By using iRamp services, you consent to the processing of your data as outlined in this policy. This Privacy Policy ensures transparency in how your data is collected, processed, and protected in accordance with applicable legal standards.

2. Definitions

   • Personal Data: Any information relating to an identifiable person.
   • Processing: Any operation performed on personal data, such as collection, storage, or sharing.
   • Data Controller: iRamp, which determines the purpose and means of processing personal data.

3. Personal Data and Processing Methods

   iRamp collects and processes personal data to deliver services, meet regulatory requirements under MiCA and GDPR, and enhance user experience. Data is collected directly from users and through authorized third parties, such as verification services, in full compliance with these regulations. The categories of data collected include:

   • Identification Data: Government-issued IDs, selfies, and proof of address.
   • Contact Information: Email addresses, phone numbers, and physical addresses.
   • Transaction Data: Details of fiat and cryptocurrency transactions conducted via iRamp.
   • Technical Data: IP addresses, device identifiers, and browsing activity.

   Data processing purposes include:

   • Verifying user identity to comply with AML/CFT and MiCA requirements.
   • Fulfilling contractual obligations for crypto-asset transactions.
   • Ensuring compliance with MiCA’s transparency and consumer protection requirements.
   • Monitoring for suspicious activities under Know Your Transaction (KYT) standards.

4. Disclosure of Personal Data

   iRamp may share personal data with the following entities, ensuring proper safeguards in compliance with MiCA and GDPR:

   • Data Processors: Authorized third-party providers supporting identity verification, transaction monitoring, or customer support.
   • Authorities: Government agencies or regulatory bodies as required by law or MiCA obligations.
   • Partners: Institutions involved in executing or facilitating services, subject to strict confidentiality agreements.

   Cross-border data transfers outside the EU/EEA are conducted only when adequate safeguards (e.g., Standard Contractual Clauses) are in place.

5. Personal Data Storage

   Personal data is retained as follows:

   • For regulatory compliance (e.g., MiCA and AML laws): A minimum of five years after the end of the business relationship.
   • For other purposes: Only as long as necessary to fulfill the purposes outlined in this policy.

6. Cookies

   iRamp uses cookies to enhance the user experience and analyze site performance. By using our website, you consent to the use of cookies as described in our Cookies Policy.

7. Security

   iRamp implements robust technical and organizational measures to protect personal data against unauthorized access, loss, or alteration. These measures include:

   • Data encryption during storage and transmission.
   • Secure access controls and multi-factor authentication.
   • Regular audits to ensure compliance with GDPR and MiCA standards.

8. User Rights

   Under GDPR and MiCA, users have the following rights concerning their personal data:

   • Access: Request information about how your data is processed.
   • Correction: Update or correct inaccurate data.
   • Erasure: Request the deletion of personal data, subject to legal and regulatory retention requirements.
   • Restriction: Limit processing in specific circumstances.
   • Portability: Obtain a copy of your data in a structured, commonly used format.
   • Objection: Object to data processing based on legitimate interests.

   Users can exercise these rights by contacting iRamp at support@iramp.io.

9. Legal Limitations and Obligations

   Personal data may be disclosed to meet legal obligations, ensure public safety, or protect the rights of iRamp or its users. MiCA mandates certain disclosures for regulatory compliance, including reporting suspicious activities to relevant authorities.

10. Compliance with MiCA Transparency Requirements

    In accordance with MiCA, iRamp ensures full transparency regarding how personal data is processed for regulatory compliance, including:

    • Informing users about the purposes and legal basis for data processing.
    • Providing clear communication regarding the risks of crypto-asset transactions.

11. Policy Updates

    This Privacy Policy may be updated to reflect changes in laws or our processing practices, particularly as MiCA and GDPR evolve. Updates will be communicated to users, and the latest version will always be accessible on our website.

12. Contact Information

    For questions, concerns, or requests regarding your personal data, please contact us at:

IRAMP SPÓŁKA Z O.O.

Address: Piotrkowska 116, 90-006, Łódź, Poland

Email: support@iramp.io

Jurisdiction and Service Exclusions

iRamp does not provide services to residents or entities within the United Kingdom. Users from the UK are not eligible to access iRamp’s services, in compliance with jurisdictional restrictions under MiCA and GDPR.