Privacy Policy

KAST, along with our affiliates and subsidiaries (collectively referred to as “KAST,” “us,” or “our”), presents this policy to delineate our practices regarding the safeguarding, acquisition, application, and sharing of your personal information. This applies when you interact with our services including:

  • Website and Online Platforms: Our digital content is accessible via https://www.kast.finance/ , KAST App and other online platforms we manage.

  • Social Media and Online Presence: Our official digital channels across various social media platforms.

  • API and Service Usage: When utilizing the KAST API or third-party applications that depend on our API, alongside other related services.

Please thoroughly review this policy as it is crucial for understanding our practices and your interaction with our services. If you have any queries, reach out to us at support@kastcard.com. Your use of our services signifies your acceptance of these terms. If you disagree with any part of this policy, please refrain from using our services.

Definition of Personal Data:

Personal data, as defined here, includes any information that:

Personal data, as defined here, includes any information that:

a) Directly or indirectly pertains to a living person.

b) Allows for the identification of an individual, either directly or indirectly.

c) Is accessible and processable.

Data Collection

As a visitor or user of our services, we collect necessary personal information to provide our services, comply with legal requirements, or as detailed herein. Providing personal data marked with asterisks is mandatory for service provision.

What do we collect?

How do we use it?

Information collected by using our official website, app or webapp:

pages visited, country location, date and time of requests, IP address, interaction with our Site(s), device, operating system and web browser user.

We use the anonymous information to recognize your repeat visits and preferences, personalize the browsing experience, measure the effectiveness of campaigns, and statistically analyze the usage of our Site(s).

Information collected when you register an account: email address, full name, phone number, and PIN*

We use the contact information to display in the user interface and verify your identity when required. The information may also be used to:

Manage risks, or detect, prevent, and/or remediate fraud or other potentially illegal or prohibited activities or violations of policies or applicable agreements;

Provide you with customer support services;

Measure the performance of the Services and improve their content and layout;

Manage and protect our information technology infrastructure;

Inform you regarding your account or any updated security measures; and

Manage your account with us.

Information collected when messaging us through our contact form: Name, Email address, Company, and the message content

We use this information to contact you to reply to your request and provide the most relevant information to you in our answers

Information collected when you proceed with AML requirement: Full name, residency, email, ID, Date of Birth, picture

We may use your contact information to verify your identity and conduct necessary KYC checks to comply with legal and regulatory requirements. This includes contacting you to request additional information, KYC status or documentation to complete the KYC process.

Information collected when subscribing to our newsletter: Name, Email address, Company profile

If you explicitly agree to subscribe to our newsletter, we will use this data to provide personalized business information about new services and products as well as for industry trends research purposes

Information collected when you request access to your data or correction of data: Name, ID/Passport, email address*

We use this information to verify your identity to proceed with your request for DAR or DCR

Information collected when you use the service, your activity and information you provide: Information and content you provide, including your contact information like email address, phone number, name

App, browser and device information: Device identifiers

Providing marketing communications (including but not limited to promotional materials, newsletters, and information about our products and services that we believe may be of interest to you) to you:

Depending on your settings and subject to applicable law, we’ll share marketing communications with you.

We’ll collect and store your information and use it to send marketing communications to you, like an email, subject to applicable laws.

Information collected when you have access to a wallet: account number, API private keys, withdrawal and deposit transactions, trading operations

Allowing the correct and complete provision of services by the Custodian Partner;

Information collected when you want to access regulated services: Full name, residency address, passport, nationality, picture

Allowing the correct and complete provision of regulated services. The personal information will be shared with partner providing regulated services (such as issuance of card, custody)

Third-Party Data Collection

We may obtain your data from partners, affiliates, and external sources, including social media connections. This may encompass demographic information and identity verification via KYC processes (hereinafter referred to as the “KYC”).

Data Sharing With Third Parties

We might share your information with affiliates, service providers, government bodies, or other third parties under certain conditions with our affiliates or subsidiaries, service providers (eg. AML, CRM, communication services) vendors, agents, relevant government ministries, regulators, partners, or any third party, including but not limited to when third parties perform part of our Services on our behalf (e.g. for data processing, analytics, delivery of Services, and verification), when complying with legal obligations, to protect the rights, property, or safety of our company, clients or others.

Some third-party processing your personal data either on KAST behalf or any other circumstance may be located in a different country from the point of collection of your personal data including but not limited to the location of servers or cloud-based services.

In the case where your personal information must be shared with third parties in circumstances that are not standard with our relationship with you, KAST will request your consent unless the disclosure of your personal information is:

(a) requested by Authority, law enforcement agency, or public agency;

(b) without a doubt in your interests, and if consent cannot be obtained in a timely way;

(c) necessary to respond to an emergency that threatens the life, health, or safety of yourself or another individual; or

(d) required, permitted, or authorized based on the applicable laws and/or regulations.

Our websites and services may feature links to external sites or applications not operated by KAST. When you follow these links, our Privacy Policy will no longer apply. We encourage you to review the privacy policies of these external platforms. KAST does not bear responsibility for the privacy practices of third-party websites or applications.

Data Storage and Processing

We may transfer, store, and process your personal data in various locations, including facilities operated by third parties like Google or Amazon Web Services or others. Despite the international nature of our data processing, we are committed to enforcing robust data and privacy protection standards.

Securing Personal Data

Our commitment to your data’s security is unwavering. We adhere to the Personal Data (Privacy) Regulation and other relevant regulations to safeguard the confidentiality and integrity of your personal information. Despite rigorous electronic safeguards, we must acknowledge the possibility of unauthorized data disclosure. In such instances, our liability for any resulting harm to users or third parties is limited to the maximum extent permitted by law.

Your Rights Regarding Personal Information

As a user of KAST services, you have specific rights regarding your personal data:

  • Data Access and Correction: You can request a copy of your personal data we hold (Data Access Request, “DAR”) or request corrections (Data Correction Request, “DCR”) by writing to us.

  • Objecting to Data Use: You can object to our use of your personal information by contacting support@kastcard.com. Note that this may impact your ability to use our services.

  • Response Time: We aim to respond to your requests within 40 calendar days.

In some circumstances, we may decline to comply with your request in the following circumstances:

(i) a government agency or regulator with jurisdiction over KAST, directs KAST not to comply with a visitor or user’s request;

(ii) the information may, in our discretion, affect the safety of any person or persons;

(iii) the data may be relevant to a regulator or official investigators (criminal conduct or breach of applicable laws)

(iv) the data correction request is not made in Chinese or English writing;

(v) it is unable to verify the identity and authority of the requestor;

(vi) it is not satisfied that the personal data to which the DCR relates is inaccurate;

(vi) it is not provided with sufficient information to ascertain that the data is inaccurate; or

(vii) it is not satisfied that the correction provided in the DCR is accurate.

In case you decide to withdraw your consent for the use of your personal data by KAST, you are advised to immediately discontinue using our services and inform us via email at legal@kastcard.com. Upon receiving your request, we will process it promptly. Be aware that withdrawing consent may have legal implications and could impact our ongoing relationship. The extent of your consent withdrawal might necessitate the termination of your access to our services.

You have the right to request the erasure of your personal data in our control, commonly known as the “right to be forgotten.” However, we may not always be able to fully comply due to legal obligations or technical limitations. We commit to erasing personal data when it’s no longer needed for its original purpose, except where law or public interest prevents such erasure. When you submit an erasure request, we may ask for identification to verify your identity. For efficient processing, please specify the right you are exercising and provide necessary details. Incomplete information might result in a delay in processing your request.

Children Restriction

Any individual below the age of 18 (or applicable age required for you to legally access or use the Services) shall obtain permission from their parents or legal guardians before accessing or visiting our Site(s) and Services.

KAST does not have any intention to collect any personal data about individuals below the age of 18, KAST may not stop such individuals from accessing and visiting the Site. If you act as a parent or guardian, by providing us with the personal data of an individual below the age of 18, you hereby consent to the processing of his/her personal data as per applicable laws and agree to be personally bound by the terms of this Privacy Policy and take full responsibility for his/her actions.

Retention

KAST retains your personal data for as long as your account remains active or as necessary for providing services, including for legal, accounting, or reporting requirements. This includes retention periods post-termination of our business relationship as mandated by applicable laws, such as anti-money laundering regulations. For further inquiries, contact us at support@kastcard.com. Upon account closure or when data is no longer needed, we may delete or destroy your information, except where retention is legally required or for other regulatory or audit purposes.

Update KAST Privacy Policy

We may change this Privacy Policy from time to time. If we do, we will let you know by revising the date at the top of the policy. If the changes, in our sole discretion, are material, we may also notify you by sending an email to the address associated with your account (if you have chosen to provide an email address) or by otherwise providing notice through our Services. We encourage you to review the Privacy Policy whenever you access or use our Services or otherwise interact with us to stay informed about our information practices and the ways you can help protect your privacy. By continuing to use our Services after Privacy Policy changes go into effect, you agree to be bound by the revised policy.

Notice

If you wish to ask or notify us for:

(a) DAR or DCR;

(b) Queries related to this privacy policy;

(c) Remove your consent for us to use your personal data; or

(d) Erase personal data.

Please send us a notice to: support@kastcard.com

Cookies KAST may use

What Are Cookies? Cookies are small amounts of data that are sent to your browser and stored on your computer’s hard drive to collect standard internet log information and visitor/user behavior information. When you visit our Sites or Channels, KAST can automatically collect information from you through cookies or similar technologies. There may also be third-party cookies on our Websites and Channels.

For more information, please visit: www.allaboutcookies.org

How Do We Use Cookies? We use cookies in a range of ways to make your experience on our Sites and Services more enjoyable, including but not limited to: a. to keep you signed in; b. to record your habits and preferences when browsing our Sites and Services; c. to record our performance and verify the effectiveness of online advertising through Google Stats with cookies; d. Manage and improve the design of the Site and Services We may collect your personal information, anonymized, to support us in our business. Such information may be shared, disclosed, leased, assigned, licensed, sold, and transferred

How to Manage Your Cookies? Most browsers are automatically accepting cookies. You can adjust your browser setting to prevent cookies or to notify you as soon as cookies are loaded. However, stopping all cookies might mean that you cannot access or use some of our Services or features.

What is Do Not Track (DNT)? DNT is a concept that has been promoted by regulatory agencies, for the Internet industry to develop and implement a mechanism for allowing Internet users to control the tracking of their online activities across websites by using browser settings. However, please be aware that cookies placed by third parties may continue to track your activities online even after you have left our Services, and those third parties may not honor ‘Do Not Track’ requests that you have set using your browser or device. Therefore, this Privacy Policy does not cover third-party policies related to cookies.

Last updated