PRIVACY POLICY

Last updated: December 13, 2018

 

Welcome to abstracttokenization.com (“Abstract,” “we,” “our,” or “us”), the website owned by Abstract IQ, Inc. We are committed to protecting your privacy. This Privacy Policy applies to our website, abstracttokenization.com (our “Website”). This Privacy Policy describes how we collect, use, disclose and otherwise process Personal Information about you when you visit our Website, submit Personal Information directly to us on the Website, apply for a job at Abstract through the Website, or otherwise contact us or inquire about or use our products and services (collectively, together with the Website, our “Service”). This Privacy Policy also explains how we process Personal Information in the context of our customer, vendor and partner relationships and the rights and choices available to individuals with respect to their Personal Information. “Personal Information” means any information relating to an identified or identifiable individual.

 

Contents

1.      Personal Information We Collect

2.      Cookies and Similar Technologies

3.      Use of Personal Information

4.     Sharing of Your Information

5.     Rights and Choices

6.     International Data Transfers

7.     Data Security

8.     Children's Privacy

9.     Links to Other Websites and Services

10.  How to Contact Us

11.  Changes to Our Privacy Policy

12.  Additional Information For European Users

 

1. Personal Information We Collect

We may collect Personal Information about you from various sources described below. Where applicable, we indicate whether and why you must provide us with your Personal Information, as well as the consequences of failing to do so. If you do not provide Personal Information when requested, you may not be able to benefit from our Service if that information is necessary to provide you with it or if we are legally required to collect it.

Information you provide to us directly

You may provide Personal Information directly to us, including:

        Contact information, such as your name, address, telephone number, and email address

        Profile information, such as the username and password you establish with the Services

        Demographic details, such as date of birth, country of citizenship and/or country of residence

        Information about your net worth and/or income, such as your stated net worth; stated current, historical, and expected future income; source(s) of income; and supporting documentation that you choose to submit (e.g., tax forms, tax returns, pay stubs, financial account statements, and information about your financial assets and liabilities)

        Government-issued identification numbers (to the extent permitted under applicable law), such as a national identification number (e.g., a Social Security Number, tax identification number, or passport number), state or local identification number (e.g., a Driver’s License or other government-issued identification number), and a copy of your government-issued identification card

        Information about your investment experience and preferences, such as investment objectives, investment experience, liquidity needs, and risk tolerance

        Information about your relationship to a company, such as your job title and whether you are a beneficial owner or authorized signatory of the legal entity using the Service

        Feedback and correspondence, such as information you provide when you request information from us, receive customer support, or otherwise correspond with us, including by interacting with our pages on social networking online sites or services

        Financial account information, such as your bank account details and cryptocurrency wallet address

        Transaction information, such as details about financial transactions or investments you make with issuers using the technology services provided by Abstract via the Service, including contracts you may execute (including by using your electronic signature)

        Marketing information, such as your preferences for receiving marketing communications and details about how you engage with our marketing communications

        Other information supplied by job applicants, such as professional credentials and skills, educational and work history, and other information of the type included on a resume or curriculum vitae

        Other Personal Information you provide to us when using the Services


Information that we receive about third parties


We may receive information about individuals who do not interact with us directly. For example, our users, vendors, and partners may provide us with Personal Information about persons other than themselves when using the Service. We require that before we are provided with Personal Information relating to a third party, that the party providing the information has that individual’s permission or lawful authority to share it with us for processing as described in this Privacy Policy. The types of information we receive about third parties includes:

        Information about our users’ companies, such as Personal Information of the beneficial owners and authorized signatories of issuers raising funds or investing through the Service

        Information about our users’ spouses, when relevant to an individual’s status as an accredited investor

        Information about joint account owners, such as information that is needed to open a joint account

        Information about our users’ professional or financial advisors, such as the name and contact information about our users’ lawyer, accountant, broker, or registered investment advisor, for purposes of verifying a user’s status as an accredited investor

        Information about the employees of our customers, vendors, and partners, such as the business contact information that those customers, vendors and partners provide to us in the context of our contractual relationships with them

        Information about potential job candidates, such as when a recruiter contacts us about an individual who may become a candidate for a job at Abstract

        Contact information of referrals submitted by our users


Information we collect from vendors


We may receive information about you from our vendors. For example, we use vendors to verify the identity and accredited investor status of users of our Service, and perform KYC and AML checks. These vendors may provide us with information such as:

        Whether you or your company are on government lists of restricted persons (e.g., the OFAC list or other watch lists or sanctions lists)

        Whether there are adverse media reports regarding you or your company

        Whether you or your company qualifies as a “politically exposed person” (e.g., a government official or representative of an international organization) under applicable law

        Whether the Personal Information that you provided to us matches information contained in databases they consult

        Whether you are an accredited investor per applicable law

The information we collect from vendors may include sensitive information (e.g., criminal conviction for fraud) to the extent permitted under applicable law.

Information we collect from professional or financial advisors

If you request that we verify your accredited investor status through your professional or financial advisor, then that party may provide us with information about you, such as whether you meet legal criteria to qualify as an accredited investor. Professional or financial advisors also provide us with information about themselves, such as their contact information and licensure information.

Information we collect from private and publicly accessible sources

We and our vendors may collect information about you that is publicly available, including from publicly accessible government lists of restricted persons, public databases , media and internet searches (e.g., we may check an investor’s public LinkedIn profile to confirm his/her employment or source of income, we may do Google searches to corroborate public databases). We and or our third party verification providers may also collect information about you from non-public databases of third parties, to the extent permitted under applicable law. Information we collect from our business partners and social media networks

We may partner with third party companies that share Personal Information with us. For example, if you establish a cryptocurrency wallet through one of our partners to make an investment through the Services, the provider of the wallet will share the address with us. We may also maintain pages for our company and our products on a variety of third-party platforms, such as Facebook, Twitter, Google+, YouTube, Instagram, and other social networking services. When you interact with our pages on those third-party platforms, the third-party’s privacy policy will govern your interactions on the relevant platform. If the thirdparty platform provides us with information about our pages on those platforms or your interactions with them, we will treat that information in accordance with this Privacy Policy.

Sensitive Personal Information

We ask that you not send us, and you not disclose, any sensitive Personal Information (e.g., information revealing racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, genetic or biometric information, sexual orientation, or criminal convictions or offenses) on the Service, or otherwise to us.

If you send or disclose any sensitive Personal Information to us when you use the Services, you must consent to our processing and use of such sensitive Personal Information in accordance with this Privacy Policy. If you do not consent to our processing and use of such sensitive Personal Information, you must not submit such sensitive Personal Information through our Website.

Information collected via automated means

We, our service providers, and our business partners may collect Personal Information about you via automated means, such as via cookies, web beacons, embedded scripts, locationidentifying technologies and similar technologies. The information that may be collected automatically includes your computer or mobile device operating system type and version number, manufacturer and model, device identifier, browser type, screen resolution, IP address, the website you visited before browsing to the Services, general location information such as city, state or geographic area; and information about your use of and actions on our Services, such as pages you viewed, how long you spent on a page, navigation paths between pages, information about your activity on a page, access times, and length of access. In addition, we collect this type of information when you read our HTML-enabled emails, our service providers and business partners may collect this type of information over time and across third-party websites. Please refer to the Cookies and Similar Technologies section for more details.

 

2. Cookies and Similar Technologies What are cookies?

A “cookie” is a text file that a website stores on a user’s device. Our Website may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them or they otherwise expire) to provide you with a more personal and interactive experience on our Website.

We use two broad categories of cookies: (1) first party cookies, served directly by us to your computer or mobile device, which we use to recognize your computer or mobile device when it revisits our Website; and (2) third party cookies, which are served by service providers or business partners on our Website, and can be used by such service providers or business partners to recognize your computer or mobile device when it visits other websites.


Types of cookies we use

Our Website uses the following types of cookies for the purposes set out below:

Type of Cookie

Purpose

Essential Cookies

These cookies are essential to provide you with services available through our Website and to enable you to use some of its features. Without these

cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.

Functionality Cookies

These cookies allow our Website to remember choices you make when you use our Website. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-select your preferences every time you visit our Website.

Analytics and Performance Cookies

These cookies collect information about traffic to our Website and about how individuals use our Website. The information gathered may include the types of information described above in the section titled “Information collected via automatic means.” We use this information to help operate our Website more efficiently, to gather broad demographic information, monitor the level of activity on our Website, and improve the Website. We use Google Analytics for this purpose. Google Analytics use their own cookies.

    You can find out more information about Google Analytics cookies here and about how Google protects your data here. You can prevent the use of Google Analytics relating to your use of our Website by downloading and installing the browser plugin available here.

Targeted and advertising cookies

These cookies track your browsing habits to enable us and third-party

advertising networks to deliver ads that may be of interest to you. These cookies use information about your browsing history to group you with other users who have similar interests or browsing behavior. Based on the cookies that the third-party advertising network sets on our Website and other sites, advertisers can display advertisements that may be relevant to your interests on our Website and while you are on third party websites.

You can choose to disable cookies, as described below, or to opt out of the use of your browsing behaviour for purposes of targeted advertising. For opt out instructions, please review the “Targeted online advertising” portion of the “Your Choices” section of this Privacy Policy.


Disabling cookies

You can typically remove or reject cookies via your browser settings. In order to do this, follow the instructions provided by your browser (usually located within the “settings,” “help” “tools” or “edit” menus). Many browsers are set to accept cookies until you change your settings. For further information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org.

If you do not accept our cookies, you may experience some inconvenience in your use of our Website. For example, we may not be able to recognize your computer or mobile device and you may need to log in every time you visit our Website.

Other technologies we use on our Website

In addition to cookies, our Website may use other technologies, such as pixel tags to collect information automatically. Pixel tags (which are also known as web beacons and clear GIFs) are used on our Website and in our HTML formatted emails to track the actions of users on our Website and interactions with our emails. Unlike cookies, which are stored on the hard drive of your computer or mobile device by a website, pixel tags are embedded invisibly on webpages or within HTML formatted emails. Pixel tags are used to demonstrate that a webpage was accessed or that certain content was viewed, typically to measure the success of our marketing campaigns or engagement with our emails and to compile statistics about usage of the Website, so that we can manage our content more effectively.

Do Not Track Signals

Some Internet browsers may be configured to send "Do Not Track" signals to the online services that you visit. We currently do not respond to do not track signals. To find out more about "Do Not Track," please visit www.allaboutdnt.com.

 

3. Use of Personal Information

To provide the Services

Abstract may use your Personal Information for the following purposes in connection with providing the Services:

        to operate, evaluate, maintain, improve, and provide to you the features and functionality of the Service.

        to manage identity verification of and perform KYC and AML checks on our users.

        to manage accreditation verification of our investors.

        to process purchases and investments you make with issuers through the Service.

        to communicate with you regarding your account with us, if you have one, including by sending you Service related emails or messages (e.g., account verification, change or updates to features of the Service, technical and security notices and alerts, and support and administrative messages).

        to provide and monitor the effectiveness of our Service.

        to monitor aggregate metrics such as total number of visitors, traffic, usage, and demographic patterns on our Website and analyze data about Website traffic

        to diagnose or fix technology problems.

        to tailor our Service, content and communications to you in order to provide you with a better experience.

        to operate, evaluate and improve our business and develop new products and services.

        for other purposes for which we provide specific notice at the time of the collection of the information.

To manage our recruiting and process employment applications

We process Personal Information, such as information submitted to us in a job application, to facilitate our recruitment activities and process employment applications, such as by evaluating a job candidate for an employment activity, and monitoring recruitment statistics.

To send you marketing communications

If you request information from us (such as signing up for our newsletter), register on the Website, or participate in our contests or promotions, we may send you Abstract-related marketing communications, which may be tailored to you, as permitted by law. You will have the ability to opt out of such communications.

To comply with law

We use your Personal Information as we believe necessary or appropriate to comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.

With your consent

We will request your consent to use your Personal Information where required by law, such as where we use certain cookies or similar technologies or would like to send you certain marketing messages. If we request your consent to use your Personal Information, you have the right to withdraw your consent any time in the manner indicated when we requested the consent or by contacting us. If you have consented to receive marketing communications from our third party partners, you may withdraw your consent by contacting those partners directly.

To create anonymous data for analytics

We may create anonymous data from your Personal Information and other individuals whose Personal Information we collect. We make Personal Information into anonymous data by excluding information that makes the data personally identifiable to you, and use that anonymous data for our lawful business purposes.

For compliance, fraud prevention, and safety

We use your Personal Information as we believe necessary or appropriate to (a) enforce the terms and conditions that govern the Website; (b) protect our rights, privacy, safety or property, and/or that of you or others; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

 

4. Sharing of Your Information

We do not share or otherwise disclose Personal Information we collect about you, except as described in this Privacy Policy or otherwise disclosed to you at the time of the collection. We may share your Personal Information in the instances described below:

Internal Disclosures

We may share Personal Information with our headquarters and affiliates, other companies and brands owned or controlled by Abstract and other companies owned by or under common ownership as Abstract, which also includes our subsidiaries (i.e., any organization we own or control) or our ultimate holding company (i.e., any organization that owns or controls us) and any subsidiaries it owns. Personal Information will only be available to those who need such access for purposes consistent with this Privacy Policy or where required by applicable law.

Service Providers

We engage certain trusted third parties to perform functions and provide services to us (e.g., verification providers, website hosting providers and other parties who assist us in operating our Website, conducting our business, managing our marketing campaigns and mailings, performing tax and accounting activities, performing analytics, or serving our customers). We may share your Personal Information with these third parties, but only to the extent necessary to perform these functions and provide such services. We also require these third parties to maintain the privacy and security of the Personal Information they process on our behalf.

Broker-Dealer

We may disclose Personal Information to the issuer of an investment in which you have signed a subscription agreement or otherwise invested. For example, we may disclose information such as name and contact details, Social Security Number or tax identification number, and results of investor verification and confirmation that an investor is eligible to participate in the offering. An issuer typically needs this information for its own legal compliance and to maintain its ledger of investors. However, we do not control how an issuer uses the Personal Information that we provide to it. Other Disclosures

We may disclose Personal Information to our auditors, accountants, attorneys, CPAs and other professional advisors, insurance companies and brokers and financial institutions, as necessary in the course of the professional services that they render to us. If Abstract is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of Abstract assets or transition of service to another provider, Personal Information may be disclosed or transferred as part of such a transaction as permitted by applicable law or contract. We may also disclose Personal Information to third parties as required by law or subpoena or if we reasonably believe that such action is necessary to (a) comply with applicable law and the reasonable requests of law enforcement; (b) to protect the security or integrity of our Website or Services; and/or (c) to exercise or protect the rights, property, or personal safety of Abstract, our visitors, or others, including by protecting, investigating and deterring against fraudulent, harmful, unauthorized, unethical or illegal activity, and by enforcing the terms and conditions that govern our Website or Services.

 

5. Rights and Choices

In this section, we describe the rights and choices available to all users. Users who are located within Member States of the European Union, countries in the European Economic Area, the United Kingdom, and Switzerland (collectively, “Europe” or “European”) may read additional information about their rights below.

Marketing Communications

You can opt out from receiving marketing email communications from us by clicking on the unsubscribe link provided in such communications. We make every effort to promptly process all unsubscribe requests. You may continue to receive administrative messages from us, such as purchase confirmations, updates to our terms and conditions, and other policies.

Information Collected via Automated Means

If you would prefer not to accept cookies, most browsers will allow you to: (i) change your browser settings to notify you when you receive a cookie, which lets you choose whether or not to accept it; (ii) disable existing cookies; or (iii) set your browser to automatically reject cookies. Please note that blocking or disabling cookies may negatively impact your experience using the Website, as some features and services on our Website may not work properly. Depending on your mobile device and operating system, you may not be able to delete or block all cookies. You may also set your email options to prevent the automatic downloading of images that may contain technologies that would allow us to know whether you have accessed our email and performed certain functions with it. Modifying or deleting your information

If you have any questions about reviewing, modifying, or deleting your information, or if you want to remove your name or comments from our website or publicly displayed content, you can contact us directly at support@abstracttokenization.com. We may not be able to modify or delete your information in all circumstances.

Targeted online advertising

Some of the business partners that collect information about users’ activities on our Website may be members of organizations or programs that provide choices to individuals regarding the use of their browsing behavior or mobile application usage for purposes of targeted advertising.

Users may opt out of receiving targeted advertising on websites through members of the Network Advertising Initiative by clicking here or the Digital Advertising Alliance by clicking here. European users may opt out of receiving targeted advertising on websites through members of the European Interactive Digital Advertising Alliance by clicking.here, selecting the user’s country, and then clicking “Choices” (or similarly-titled link). Please note that we also may work with companies that offer their own opt-out mechanisms and may not participate in the opt-out mechanisms that we linked above.

If you choose to opt-out of targeted advertisements, you will still see advertisements online but they may not be relevant to you. Even if you do choose to opt out, not all companies that serve online behavioral advertising are included in this list, and so you may still receive some cookies and tailored advertisements from companies that are not listed.

Choosing not to share your Personal Information

Where we are required by law to collect your Personal Information, or where we need your Personal Information in order to provide services or the Website to you, if you do not provide this information when requested (or you later ask to delete it), we may not be able to provide you with our services. We will tell you what information you must provide to receive the Services by designating it as required on or through the Services or through other appropriate means.

 

6.     International Data Transfers

Abstract is headquartered in the United States and has service providers in other countries, and your Personal Information may be transferred to the United States or other locations outside of your state, province, country or other governmental jurisdiction where privacy laws may not be as protective as those in your jurisdiction.

 

7.     Data Security

We care about the security of your information and employ physical, administrative, and technological safeguards designed to preserve the integrity and security of all information collected through our Website. These measures are designed to appropriately protect Personal Information against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal Information in our possession. However, no security system is impenetrable and we cannot guarantee the security of our systems or your Personal Information.

Abstract utilizes bank level encryption and security standards for data at rest and on all connections when transmitting sensitive data between the user facing client application and our server.

Data Server

Abstract deploys the server application on AWS EC2 server and uses AWS S3 to securely store user documents. The AWS infrastructure puts strong safeguards in place to help protect customer privacy. All data is stored in highly secure AWS data centers. AWS manages dozens of compliance programs in its infrastructure.

Security in the cloud is much like security in on-premises data centers—only without the costs of maintaining facilities and hardware. As an AWS customer Abstract inherits all the best practices of AWS policies, architecture, and operational processes built to satisfy the requirements of their most security-sensitive customers. The IT infrastructure that AWS provides to its customers is designed and managed in alignment with best security practices and a variety of IT security standards:

  • SOC 1/ISAE 3402, SOC 2, SOC 3
  • FISMA, DIACAP, and FedRAMP
  • PCI DSS Level 1
  • ISO 9001, ISO 27001, ISO 27017, ISO 27018

Data Backup and Disaster Recovery

Abstract maintains the data backup and disaster recovery plan that are designed to be enacted in the event of system failure or data breach. Abstract Platform is deployed on at least two data centers on AWS, so a failure of a single component will not interrupt service. Copies of all data uploaded to Amazon S3 and Amazon Glacier are created and stored across at least three devices in a single AWS Region. Abstract also uses aws cloud-native tools that can evolve backup solution into one for disaster recovery, to rebuild on-premises environments and create resiliency against natural disasters and failures.

Permission Based Access Control

Access Abstract Platform and other user interface such as dashboards is tightly controlled by permission-based user account and credentials. Each customer is assigned by Abstract with a unique user ID and user generated strong password. Abstract also employs two-factor authentication to add an extra layer of security to ensure that the customer is the only person who can get access to his/her account on Abstract, even if the customer’s password is compromised

 

8.     Children’s Privacy

We do not knowingly collect or solicit any information from anyone under the age of 16 on our Website. In the event that we learn that we have inadvertently collected Personal Information from a child under age 16, we will delete that information as quickly as possible. If you believe that we might have any information from a child under 16, please contact us at support@abstracttokenization.com.

 

9.     Links to Other Websites and Services

The Website may contain links to and from third party websites of our business partners and social media sites and our users may post links to third party websites. If you follow a link to any of these websites, please note that these websites may have their own privacy policies and that we do not accept any responsibility or liability for their policies. We strongly recommend that you read their privacy policies and terms and conditions of use to understand how they collect, use, and share information. To the extent any features or linked websites you visit are not owned or operated by Abstract, we are not responsible for the privacy policies or practices of those third parties.

 

10.  How to Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us support@abstracttokenization.com.

You may also write to us at:

Abstract IQ.

Attn: Legal - Privacy

15 Lake Bellevue, Suite 200

Bellevue, WA 98004

 

11.  Changes to Our Privacy Policy

We may modify or update this Privacy Policy at any time to reflect the changes in our business and practices, and so you should review this page periodically. If we make material changes to this Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Website. We may (and, where required by law, will) also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via e-mail (if you have an account where we have your contact information) or another manner through the Website. Any modifications to this Privacy Policy will be effective upon posting (or as otherwise indicated at the time of posting). In all cases, your continued use of the Service after the posting of any modified Privacy Policy indicates your acceptance of the terms of the modified Privacy Policy.

 

12.  Additional Information For European Users

Personal Information

References to Personal Information in this Privacy Policy are equivalent to “personal data” governed by European Union data protection legislation.

Controller

Abstract IQ, Inc. is the data controller for the processing of your Personal Information as described in this Privacy Policy for purposes of European data protection legislation. See the Contact Us section above for our contact details.

Legal bases for processing

We use your Personal Information only as permitted by law. We are required to inform you of the legal bases of our processing of your Personal Information, which are described in the table

below. If you have questions about the legal basis of how we process your Personal Information, contact us at support@abstracttokenization.com.


Processing purpose

Legal basis

To provide our Services

Processing is necessary to perform the contract governing our provision of the Services or to take steps that you request prior to signing up for the Services.

Processing purpose

Legal basis

To communicate with you

To manage our recruiting and process employment applications

To create anonymous data for analytics

For compliance, fraud prevention and safety

These processing activities constitute our legitimate interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your Personal Information for our legitimate interests. We do not use your Personal Information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). In addition, we only rely on our or a third party’s legitimate interests to process your Personal Information when these interests are not overridden by your rights and interests.

To comply with law

Processing is necessary to comply with our legal obligations

With your consent

Processing is based on your consent. Where we rely on your consent you have the right to withdraw it anytime in the manner indicated in the Service or by contacting us at support@abstracttokenization.com.

Automated decision making

We, or a third party verification provider, may perform automated identification, KYC, and AML checks, and verifications of your financial status, which may lead to an automated refusal of access to our Service. These checks are necessary for entering into, or performing, a contract with you; and are authorized by relevant law, e.g., to prevent fraud. If you believe that you have been wrongfully refused access to the Service, you may contact us at support@abstracttokenization.com, and we will review the information you provide.

Use for new purposes

We may use your Personal Information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your Personal Information for an unrelated purpose, we will notify you and explain the applicable legal basis.

Retention

We will only retain your Personal Information for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for Personal Information, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, the applicable legal requirements, and the statute of limitations.

When we no longer require the Personal Information we have otherwise collected about you, we will dissociate such information from the information attached to your content. In some circumstances we may anonymize your Personal Information (so that it can no longer be associated with you), in which case we may use this information indefinitely without further notice to you. Your rights

European data protection laws give European users certain rights regarding their Personal Information. If you are located within the European Union, you may ask us to take the following actions in relation to your Personal Information that we hold:

        Withdraw consent. Withdraw any consent you previously provided to us. We will apply your preferences going forward and this will not affect the lawfulness of the processing before your consent withdrawal.

        Access. Provide you with information about our processing of your Personal Information and give you access to your Personal Information.

        Correct. Update or correct inaccuracies in your Personal Information.

        Delete. Delete your Personal Information.

        Transfer. Transfer a machine-readable copy of your Personal Information to you or a third party of your choice.

        Restrict. Restrict the processing of your Personal Information.

        Object. Object to our reliance on our legitimate interests as the basis of our processing of your Personal Information.

You can submit these requests by email to support@abstracttokenization.com or our postal address provided above. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your Personal Information or response to your requests regarding your Personal Information, you may contact us as described above or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here. Cross-Border Data Transfer

Whenever we transfer your Personal Information out of Europe to countries not deemed by the European Commission to provide an adequate level of Personal Information protection, the transfer will be based:

        Pursuant to the recipient’s compliance with standard contractual clauses, EU-US Privacy Shield, or Binding Corporate Rules

        Pursuant to the consent of the individual to whom the Personal Information pertains

        As otherwise permitted by applicable European requirements.

Please contact us if you want further information on the specific mechanism used by us when transferring your Personal Information out of Europe.