Last Updated: September 11, 2019
In this Policy “Services” means the web site, any feature provided by us via that website or any local application (mobile desktop or otherwise), including without limitation wallet services or REC information services, but excluding API services, which are governed by a separate agreement.
Collecting of Personal Information
Use of Personal Data
Disclosure of Personal Data
Security of Your Personal Data
Retention of Your Personal Data
Storage of Personal Data
Questions and Complaints
1. Collecting of Personal Information
When you access or use the Services, we collect the following information:
Information you may provide to us: You may give us information about you by filling in forms on our website or through our app or by corresponding with us by phone, email or otherwise. This includes information you provide when you register to use the Services and when you report a problem with the website or with our app.
Information we collect about you: With regard to each of your visits to our website or our app we automatically collect the following information:
Login Information: We log technical information about your use of the Services, including the type of browser and version you use, last access time of your wallet, the Internet Protocol (IP) address used to create the wallet and the most recent IP address used to access the wallet.
Device Information: We collect information about the device you use to access your account, including the hardware model, operating system and version, and unique device identifiers, but this information is anonymized and not tied to any particular person.
Wallet Information: If you create a REC wallet through our Services, you may choose to generate a public and private key pair. When you log out of the wallet, we collect an encrypted file, that, if unencrypted, would contain these keys, along with your transaction history. When you enable notifications through your Account Settings, we will collect the unencrypted public key in order to provide such notifications. Under no circumstances do we ever collect an unencrypted private key from you, nor can we decrypt any wallet file data.
Transaction Information: In connection with our Conversion Service, as such term is defined in our User Agreement, we may collect and maintain information relating to transactions you effect in your Wallet that convert one Virtual Currency to another (e.g. Ether).
Information We Collect from Other Sources: We also receive information from other sources and combine that with information we collect through our Services. For instance:
We use third-party services that may be co-branded as REC but will do so with clear notice. Any third-party services may collect information as determined by their own privacy policies.
2. Use of Personal Data
As it is in our legitimate interest to be responsive to you and to ensure the proper functioning of our products and organization, we will use your information to:
Understand and meet your needs and preferences in using our Services;
Develop new and enhance existing service and product offerings;
Manage and develop our business and operations;
Carry out any actions for which we have received your consent;
Prevent fraudulent or other criminal activity; and
Meet legal and regulatory requirements.
We also reserve the right to use aggregated Personal Data to understand how our users use our Services, provided that those data cannot identify any individual.
We also use third party web analytic tools that help us understand how users engage with the website. These third parties may use first-party cookies to track user interactions to collect information about how users use our website. This information is used to compile reports and to help us improve our website. The reports disclose website trends without identifying individual visitors. You can opt out of such third party analytic tools without affecting how you visit our site – for more information on opting out, please contact firstname.lastname@example.org.
We will process your Personal Data legally and fairly and not use it outside the purposes of which we have informed you. So far as we are able we shall ensure that all of your Personal Data is accurate and up to date.
3. Disclosure of Personal Data
We may share your information with selected recipients to perform functions required to operate your REC account on our behalf. All such third parties will be contractually bound to protect data in compliance with our Policy. The categories of recipients include:
Companies within the REC corporate family located in the United States in order to provide the Services to you.
Cloud services providers to store certain personal data and for disaster recovery services, as well as for the performance of any contract we enter into with you.
We also may share personal information with a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of REC’s assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which Personal Data held by REC is among the assets transferred.
4. Security of Your Personal Data
We protect Personal Data with appropriate physical, technological and organizational safeguards and security measures. Your Personal Data comes to us via the internet which chooses its own routes and means whereby information is conveyed from location to location. As such we cannot give any warranty or assurance that the means where information is conveyed to us are safe, reliable or have integrity. We audit our procedures and security measures regularly to ensure they are being properly administered and remain effective and appropriate. Every member of REC is committed to our privacy policies and procedures to safeguard Personal Data. Our site has security measures in place to protect against the loss, misuse and unauthorized alteration of the information under our control. More specifically, our server uses SSL (Secure Sockets Layer) security protection by encrypting your Personal Data to prevent individuals from reading these Data as they travel over the Internet.
5. Retention of Your Personal Data
The length of time we retain Personal Data outside our back up system varies depending on the purpose for which it was collected and used, as follows:
Data you provide to us when subscribing for our services: while user remains active, stored in the USA.
Country Location data: while user remains active, stored in the USA.
Data on your preferences: while user remains active, stored in the USA.
IP address login: until subsequent login from a new IP, stored in the USA.
Except where prohibited by law, this period may extend beyond the end of the particular relationship with us but only for so long as we are contractually bound to do so, or so far as is necessary for audit, regulatory or other accounting purposes. When Personal Data are no longer needed we have procedures either to destroy, delete, erase or convert it to an anonymous form.
After you have terminated your use of our Services, we reserve the right to maintain your Personal Data as part of our standard back-up procedures in an aggregated format.
6. Storage of Personal Data
REC stores your Personal Data at secure locations in the USA. REC has ensured that appropriate security standards are in place regarding the safeguarding, confidentiality and security of Data. For Residents of the EU, the information that we collect from you will be transferred to, and stored in, destinations outside of your country and the European Economic Area ("EEA") as described below:
Privacy Shield: The personal data that we collect from you will be transferred to, and stored at/processed by REC which complies with the US Department of Commerce's EU-US Privacy Shield and Swiss–US Privacy Shield and has certified that we adhere to the EU-US Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, Recourse, Enforcement and Liability. For more information about the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework, visit the U.S. Department of Commerce's Privacy Shield website.
Adequacy Decision: The personal data that we collect from you will be transferred to, and stored at/processed in, the UK via encrypted communications channels and stored on hardware owned by REC for the purpose of operation of Services and disaster recovery, which were found to have an adequate level of protection for personal data under Commission Decision 2000/518/EC of 26 July 2000.
Model Clauses: The personal data that we collect from you will be transferred to, and stored at/processed in the EU via encrypted communications channels and stored on hardware owned by REC for the purpose of operation of Services and disaster recovery, under the Commission’s model contracts for the transfer of personal data to third countries (i.e., the standard contractual clauses), pursuant to Decision 2010/87/EU.
7. Your Rights
If you are resident in the EU, in certain circumstances you have the right to access and receive a copy of information we hold about you, to rectify any personal data held about you that is inaccurate and to request the deletion of personal data held about you. Any access request after the first such request by you may be subject to a reasonable fee to meet our costs in providing you with details of the information we hold about you. You also have the right to data portability for information you provide to us – this means that you can obtain a copy of your data in a commonly used electronic format so that you can manage and move it. You may have the right to restrict or object to the processing of your personal data by us. You can exercise your rights by contacting us at email@example.com.
By using the Services, you signify your agreement to this Policy. REC reserves the right to change this Policy at any time. If we make any material changes to this Policy, the revised Policy will be posted here and notified to our users at least 30 days prior to the changes taking effect, so that you are always aware of what information we collect, how we use it and under what circumstances we disclose it. Please check this page frequently to see any updates or changes to this Policy
9. Questions and Complaints
Any questions about this Policy, the collection, use and disclosure of Personal Data by REC or access to your Personal Data which is required by law (or would be so subject had the storage in question taken place in a relevant EU member state if the case may be but not otherwise) to be disclosed should be directed to firstname.lastname@example.org.
In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance at email@example.com and we will endeavor to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with the data protection supervisory authority in the country in which you live or work where you think we have infringed data protection laws.