Last Updated September 30, 2024
[Rigsec Technology Limited] and its affiliates and subsidiaries
(collectively, “we”, “us”, or “our”) have established a corporate vision
to respect, protect and promote privacy. We are strongly committed to
protecting your privacy rights, and we work to maintain your trust and
confidence when handling personal or financial information.
This Privacy Notice (“Notice”) explains how we collect, use, store, share,
delete and protect your personal data when you interact with us in any of
the following ways (collectively, the “Services”):
● By visiting the websites at
https://rigsec.com/api/mApprover/private
or our mobile application;
● By using our
services;
● By interacting or communicating
with us as part of our marketing practices; and
● By connecting with us at industry events and conferences.
In this Notice, “personal data” means information that (either in
isolation or in combination with other information) enables you to be
directly or indirectly identified. This Notice also describes the choices
that you have with respect to your personal data and how to contact us to
learn more about our privacy practices.
We encourage you to read this
Privacy Notice carefully as it can help you make informed decisions about
enjoying our Services. You should acknowledge that certain products or
services may be covered under separate agreements with our affiliates. If
you have such an agreement in place, please refer to that agreement for
details on how those services collect and use personal data.
We collect certain personal data about you in the following ways:
I. DATA TO BE COLLECTED
Based on your consent and the performance of a contract with you, we collect personal data to register you as our user of this application, as well as to generate a unique user ID from device technical information. This unique ID is used by mApprover for the unique identification of you, ensuring the uniqueness, authenticity, integrity, and security of subsequent crypto transaction approvals. Additionally, we analyze device information to determine whether the user’s device has been jailbroken and if the device's operating environment has been maliciously tampered with, ensuring the security of the operating system when using mApprover.
Account Data
o Name
o E-mail address
o Password
o PIN Code
Technical Data We Collect Automatically
o Basic equipment information, including
equipment brand, equipment manufacturer, equipment model number, equipment
name, equipment system type and version, equipment basic configuration,
equipment basic settings, equipment environment;
o Device identification information, including Android ID, IDFV
(Identifier For Vendor), IDFA (Identity for Advertisers), OAID (Open
Anonymous Device Identifier);
o Device
network information, including network access form, wireless router
identification (BSSID, SSID) and IP address, WIFI list, network operator
information, network base station information, network connection
status;
number;
o Device application information, including SDK host application package name, version number and installed application. The Installed application information with ishuemi SDK, in order to fraud prevention, security, or compliance with laws. For example, monitor whether the device is in the root environment, whether there is a hook risk, and whether it is running on a real device, etc.
To provide product functionality, analyze performance, solve bugs, and guarantee the basic availability and stability of the product. This purpose is based on your consent and/or our legitimate interests in improving experience and security to deal with operational bugs or product issues you encounter during use.
II. CDE-IDENTIFIED OR AGGREGATE INFORMATION
We may use the information we have about you to create de-identified or
aggregate information, such as de-identified demographic or location
information, information about devices used to access our services, or
other relevant analyses. Such data cannot be associated with a specific
individual. We may perform our analytics on such data or share it with any
third-parties.
Our Services are not intended for children, so we restrict anyone below the age of 16 years or below the age of legal majority in the relevant jurisdiction to use services. We do not knowingly or intentionally collect and process any data related to children.
We are unable to identify whether a child has provided us personal data without the KYC process. If we become aware that a child has provided us with personal data, we will take steps to delete such information as soon as possible.
I. WHEN YOU SHARE YOUR PERSONAL DATA
Some of our Services have functions and features that allow you to share information with other people. For example, you can refer friends or share your account to others. You have control over when, how, and who you share with when you enjoy these functions or features.
II. WHEN WE SHARE YOUR PERSONAL DATA
We share your personal data with your consent or as necessary to provide you the services. We will share your data as follows:
● With our affiliates, partner organizations, or suppliers when it is reasonably necessary or desirable, such as helping to provide products and services to you or to analyze and improve the Services.
● With our staff, agents, vendors, consultants, and other service providers who perform functions on our behalf. This might include, but is not necessarily limited to the business entities that provide e-mail address management and communication contact services, network equipment and application management providers and hosting entities, credit and debit card payment gateways and processors and the issuing and acquiring banks involved in the funds settlement procedures necessary to charge your cards or financial accounts, judicial, administrative and/or legal or financial accounting providers in the event that information must be reviewed or released in response to civil and/or criminal investigations, claims, lawsuits, or if we are subject to judicial or administrative process (such as an injunction) to release your information or to prosecute or defend legal actions, and other service providers that may be involved in the other types of services and activities otherwise discussed in this Notice. We shared your personal data to the third-party is as below list.
|
Sub-Processor |
Privacy Notice |
Service Type |
|
Ishumei SDK |
https://www.ishumei.com/legal/cn/privacy.html |
ishuemi SDK, in order to achieve fraud prevention, security, or compliance with laws. For example, monitor whether the device is in the root environment, whether there is a hook risk, and whether it is running on a real device, etc. |
● To abide by applicable law or protect rights and interests. For example, we may disclose your personal if we determine that such disclosure is reasonably necessary to comply with the law, protect our or others’ rights, property, or interests, or prevent fraud or abuse.
● In aggregated or anonymized manner that does not directly identify you with third parties.
If you elect to receive periodic email communication from us (such as company newsletter, Services information), you may choose to opt out from receiving such communications by clicking the “Unsubscribe” link provided in these emails.
We operate globally, and we may need to transfer your personal data internationally. To provide secure and stabile of the Services, we maintain servers in Japan, Singapore, and Hong Kong. Your personal data may be processed outside your country of residence. Data protection laws vary from country to country, with some countries offer more protection than others. Wherever your personal data is processed, we apply the same protections as described in this Notice. We transfer your personal data in accordance with legal frameworks required in different jurisdictions. Recipients of your personal data must agree to at least the same level of privacy safeguards required by applicable data protection laws. Such as those described below:
● In some cases, we rely on the following adequacy decisions:
a. European Commission adequacy decisions
● In some cases, we rely on the following agreements:
a. EEA Standard Contractual Clauses (SCCs)
b. UK Standard clause contract
c. DUBAI Standard Contractual Clauses (DIFC SCCs)
Privacy protection is a key component of our brand value and a cornerstone of our business. We respect and do our best to protect your personal data by establishing and implementing comprehensive technical and organizational measures.
We use reasonable and appropriate administrative, technical, and physical safeguards to protect information we have about you from loss, theft, and unauthorized use, access, modification, or destruction. We regularly review our established policies and procedures to ensure that they are appropriate and effective. We also require third party service providers acting on our behalf or with whom we share your information to maintain security measures consistent with industry standards.
In regards to technical measures, many advanced technology methods, tools, and platforms are used to protect your personal data security. We use encryption technology to ensure the security of your personal data during storage and transmission; we use pseudonymization technology to render the personal data no longer attributable to a specific individual without the use of additional information; we implement the zero trust and secure access service edge (SASE), multi-factor authentication (MFA) and could native DLP-cloud access security broker (CASB), to strictly protect the availability, confidentiality, and integrity of your data.
In regards to organizational measures, information security and privacy management systems have been established, and data security and privacy protection policies, procedures, and standards have been set up. We implement Privacy by Design and by Default process to establishing baseline requirements for privacy protection; we regularly conduct training for our employees and require them to practice relevant privacy protection requirements at work by signing the non-disclosure agreement and making available the employee handbook. Meanwhile, we control and audit employees' access rights to personal data to minimize access to personal data. To ensure effectiveness, we have established structured internal controls and implemented internal auditing.
Despite our security safeguards, it is impossible to guarantee absolute security in all situations. If you have any questions about the security of our Services, please contact us as described below.
We keep your personal data for as long as it is necessary for us to carry out our business and legal purposes, for finance, tax, and accounting purposes or as otherwise communicated to you. The specific periods for which we keep your information varies depending on the nature of the information, its purpose, and if it is de-identified. We also consider the minimum necessary retention period prescribed by applicable laws, recommended by industry standards, and stated in contracts and other legal obligations.
Personal data collected to perform a contract with or to comply with our legal obligations under financial or anti-money laundering laws may be retained after transaction closure for as long as required under such laws. It is generally required to be kept for five (5) to ten (10) years in the relevant laws or regulations of different jurisdictions.
Personal data collected based on your consent and/or our legitimate interests in improving experience and security to deal with operational bugs or product issues you encounter during use will be kept for a period of up to two (2) years from your deregistration of our websites or apps, and you may additionally request deletion of the data collected by your consent in accordance with Section 9 “YOUR RIGHTS AND CHOICES” below.
Depending on your jurisdiction, you may have different rights. The following types of rights are common. Different jurisdictions offer different additional rights, as set forth below. You can contact us by sending Email to contact@rigsec.com to exercise your data protection and privacy rights at any time, and we will respond to your request within fifteen (15) business days or the timeline specified in the relevant local privacy protection law after confirming your identity.
I. JURISDICTIONS WHERE GDPR AND EQUIVALENT LEVELS OF PROTECTION LAWS APPLY
● Right to be informed: you have the right to be informed about the collection and use of your personal data. We set out this Notice for this purpose, and you will be informed of any changes to this Notice.
● Right to access: you have the right to request copies of your personal data from us.
● Right to rectification: you have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete any information you believe is incomplete. Some rectifications can be made directly from the front end of our app or website, such as changing your registered account email or phone number, while others will require you to contact us, i.e. change your KYC documents.
● Right to be erasure: you have the right to request the erasure of your personal data. However, we are required to keep some data by law and for the duration of the retention period cannot be erased. For example, in South Korea, the relevant e-commerce law requires us to retain data relating to payment transactions for five (5) years.
● Right to deletion: if you are no longer using our app products, you may delete your app account. Based on the contracts you signed during your trading activity, you need to ensure that the assets in your account are disposed of before the deletion.
● Right to object processing: you have the right to object to the processing of your personal data under certain circumstances. Please note you will not be able to carry out any transactional activities when you object processing of certain data that is necessary for the performance of a contract or necessary for us to comply with our legal obligations.
● Right to restriction of processing: you have the right restrict the processing of your personal data. Please note you will not be able to carry out any transactional activities when you restrict the processing of certain data that is necessary for the performance of your contract or necessary for us to comply with our legal obligations
● Right to withdraw consent: insofar as our processing of your personal data based on your consent, you have the right to withdraw consent at any time.
● Right to data portability: you have the right to request to transfer your personal data to you or a third party of your choice under certain circumstances.
● Right related to automatic decision-making and profiling: you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
II. JURISDICTIONS WHERE CCPA AND EQUIVALENT LEVELS OF PROTECTION LAWS APPLY
● Right to unsubscribe from direct-marketing: when you register and interact with our Services, we will obtain your consent to receive marketing emails from us, we may use your data to provide you with promotional communications and emails. Although we hope you will find our emails of interest, you may opt out of receiving these communications by clicking the “Unsubscribe” button in the email content.
● Right to opt out of sale: we do not sell your personal data. Our business is not required to do this, nor do we intend to do so. This is a special statement to meet the requirements in California Consumer Privacy Act ("CCPA").
● Right to be free from retaliation and discrimination: we respect and protect your privacy and will not retaliate and discriminate against you for exercising any of the above rights.
We may update this Privacy Notice from time to time. Any such changes will not reduce your rights under this Privacy Notice. We always indicate the date the last changes were published and the archived versions will be available for your review. If changes are significant, we will provide a more prominent notice, including, without limitation, a notification on email notification. We encourage you to periodically review our Privacy Notice to stay informed about our data protection practices.