Privacy Policies

1.1. The data controller is RAMPNOW Sp. z o.o., with its registered office in Poland, ul. Uniwersytecka 13, 40-007 Katowice, Poland, incorporated under Polish law and duly registered in the Register of Companies in Poland (‘KRS’) under number 0001025453 (hereinafter referred to as the ‘Controller’).

1.2. In our activities we commit to comply with this Policy and with the requirements of the provisions of the law in force, such as Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as ‘GDPR’) and the Polish Act on Personal Data Protection of 10th May 2018.

1.3. This Privacy Policy (hereinafter referred to as the ‘Policy’), sets forth the rules for the collection, processing and use of the personal data of the website’s users, interested parties and visitors.

1.4. The provision of Personal Data by users is voluntary but is required in order to be able to use the Controller’s services provided via rampnow.io

1.5. The Controller has appointed a Data Protection Officer (hereinafter referred to as ‘DPO’), who can be contacted regarding all matters relating to the processing of personal data and the exercise of rights under the GDPR. You can contact the DPO at: e-mail: [email protected]

2.1. For the purposes of this Privacy Policy, the following terms shall have the meanings ascribed to them below. These definitions are intended to ensure clarity and understanding of the terms used throughout this document. Unless otherwise stated, the terms and phrases defined here will be applicable across all sections of this Privacy Policy:

Client – refers to an individual or entity that has completed Rampnow’s Know Your Customer (KYC) verification process, demonstrating full compliance with Rampnow’s security, legal, and regulatory standards. A Client gains access to the full range of Rampnow’s services, including the ability to conduct transactions and engage with the platform. Clients must continuously meet verification and compliance standards to retain this status.

Controller – Rampnow, in its role as the Controller, is responsible for determining the purposes and means of processing personal data. The Controller exercises ultimate authority and discretion over data collection, processing, storage, and security, ensuring compliance with applicable laws such as the GDPR. Rampnow's responsibility extends to maintaining safeguards, monitoring data integrity, and ensuring the legal and secure handling of personal data.

Personal Data – any information relating to an identified or identifiable natural person (‘data subject’). This includes, but is not limited to, names, identification numbers, location data, and any factors that reveal an individual’s identity. The collection, processing, and storage of personal data are executed strictly under legal obligations and for specific, transparent purposes aligned with Rampnow’s services.

Processing– any operation or set of operations performed on personal data, either manually or by automated systems. This includes, but is not limited to, data collection, recording, structuring, storage, adaptation, retrieval, consultation, use, and destruction. Rampnow implements stringent controls to ensure that processing is lawful, secure, and limited to specified purposes.

Processor – any third-party entity or individual that processes personal data on behalf of Rampnow, following instructions given by Rampnow in compliance with data protection laws. Processors must adhere to the same security and confidentiality obligations, and any engagement with a processor is governed by a legally binding contract to ensure data protection standards are maintained.

Profiling – any automated processing of personal data that evaluates certain aspects of an individual, including personal characteristics such as behavior, preferences, or financial status. Rampnow may engage in profiling for purposes such as fraud prevention, security enhancements, or customer service improvements, ensuring such profiling is conducted in compliance with GDPR and is non-discriminatory.

User – an individual or entity that has initiated registration on the Rampnow platform but has not completed the KYC verification process. A User has limited access to the platform and may only browse or initiate registration activities. Until full verification is achieved, Users cannot engage in transactions or other high-risk activities. Users are subject to data collection and processing for the purposes of registration and identity verification.

Visitor – any individual who visits or navigates through Rampnow’s website without necessarily registering for an account. Visitors may have their data collected through cookies and tracking technologies to improve user experience, website functionality, and service offerings. Rampnow ensures that the collection of visitor data is in full compliance with data protection laws and provides transparency regarding the use of cookies and personal data.

2.2. Your freely given consent for data processing (Article 6 (1) (a) GDPR) concerning a request submitted via the contact form available at or using the contact data available at https://rampnow.io/contact-us wherein making contact with the Controller along with providing Personal data is treated as an expression of the required consent.

2.3. Requirements of the contract i.e. data processing is necessary for accessing and browsing rampnow.io, registering and using an account here (Article 6(1)(b) GDPR).

2.4. Compliance with a legal obligation i.e. the data processing is necessary in order to comply with the Controller’s legal obligation, such as tax obligations or obligations under Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU; Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC (text with EEA relevance), hereinafter the ‘AML Directive’, and the Polish Act of 1 March 2018 on Counteracting Money Laundering and Terrorist Financing (hereinafter referred to as ‘AML Act’).

2.5. The Controller’s legitimate interest (Article 6(1)(f) GDPR) including, without limitation, improving the quality of services and adapting them to the needs of the users, interested parties and visitors, responding to your requests, making the website and the services more effective, safeguarding the security of the Controller’s website, sending out the newsletter and marketing the Controller’s own products.

2.6. The Controller may process and retain personal data of Clients and Users for the purposes of:

1. ensuring compliance with obligations applicable to crypto-asset service providers, including record-keeping of all transactions and communications;
2. providing information to supervisory authorities, including the Polish Financial Supervision Authority (KNF), the European Securities and Markets Authority (ESMA), and other competent regulators;
3. Such processing is carried out strictly within the limits of MiCA and GDPR requirements.

Rampnow collects and processes personal data only to the extent strictly necessary for the purposes specified in this Policy, in particular for compliance with AML, GDPR, and MiCA obligations. No excessive or unnecessary personal data will be collected or retained.

4.1. Rampnow collects personal data directly from you during account registration, inquiry submissions, or form completions.

4.2. Rampnow collects personal data through cookies and other tracking mechanisms. These technologies may store information such as IP addresses, browser details, and user behavior to personalize the experience and improve services. Cookies may also interact with personal data to analyze user preferences. You can manage cookie preferences via browser settings, though disabling them may limit certain functionalities.

4.3. Personal data is automatically gathered as you interact with the Rampnow platform through tracking technologies.

4.4. Rampnow may collect personal data from third-party entities, such as analytics providers, advertising networks, or publicly available sources, provided they comply with applicable privacy laws.

4.5. Rampnow uses your personal data for the following purposes:

1. to provide our services and fulfill our contractual obligations;
2. to improve our website and services, and to develop new features;
3. to send you marketing communications, if you have consented to receive them;
4. to comply with our legal obligations and respond to legal requests.;
5. to protect the security and integrity of our website and services.

5.1. Under the GDPR, you have the following rights concerning your personal data:

1. right to access the personal data: you have the right to obtain information about your personal data we process and access a copy of it;
2. right to rectification: you have the right to request the correction of inaccurate or incomplete personal data;
3. right to erasure: you have the right to request the deletion of your personal data in certain circumstances;
4. right to data portability: you have the right to receive your personal data in a structured, commonly used, and machine-readable format and transmit it to another controller;
5. right to restrict the processing: you have the right to request the restriction of processing your personal data in certain circumstances.
6. right to object – the data subject may at any time object to the processing in the light of the subject’s individual situation. This is not an absolute right, and in some situations it shall not apply; for example when the processing is necessary in order to protect a right;
7. right to withdraw consent: if we process your personal data based on your consent, you have the right to withdraw your consent at any time.
8. right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR
9. right to object to profiling: you have the right to object at any time to profiling carried out for direct marketing purposes or other automated decision-making. Rampnow will cease such profiling unless there are compelling legitimate grounds for the processing that override your interests, rights, and freedoms.

5.2. If you submit a request to exercise any of the rights mentioned above, we will either fulfill or deny the request without undue delay. Information about actions taken in response to a request made under Articles 15–22 of the GDPR will be provided within a maximum of one month from the date the request is submitted. If we are unable to fulfill your request within one month due to its complexity or the number of requests received, we will fulfill it within an additional two months. You will be informed in advance of any extension, along with the reasons for the delay.

6.1. Your personal data is stored and protected in accordance with the principles set out in the provisions of the law in force. The Controller undertakes appropriate measures to:

1. our employees, contractors, and service providers who need access to your personal data to provide services on our behalf;
2. third parties with whom we may partner for marketing and advertising activities and also another External service providers:
   1. Sumsub - a company registered in Cyprus under number HE 424752, with its registered office at 153 Agiou Andreou, 3036 Limassol, Cyprus;
   2. Scorechain - a company registered in Luxembourg under number B199146, with its registered office at 12 avenue du Rock'n'roll ESCH sur ALZETTE, L-4361 LU.
3. authorities, courts, or other parties, when required by law or necessary to protect our rights and interests.

6.2. The Controller is authorized by law to enter into written agreements with third parties (processors) for the processing of data. Such processors may include, but are not limited to, providers of IT services, auditing firms, accounting services, outsourced personnel providers, customer support software vendors, and email service providers.

6.3. For the purpose of registering an account on https://rampnow.io and for verification of your identity, your data shall be transferred for processing to entities providing the authentication of scans of documents as a service .

6.4. The processor and any person acting under the authority of the controller or processor, who has access to personal data, shall process such data only on instructions from the controller, unless required to do so by Union law or the law of a Member State

6.5 In the event that Rampnow engages in cooperation with a third country or an international organization for which no adequacy decision under Article 45(3) of the GDPR has been issued, or where no appropriate safeguards under Article 46 of the GDPR are in place, Rampnow will only proceed if specific derogations under Article 49 of the GDPR apply, such as the explicit consent of the data subject, or where the transfer is necessary for the performance of a contract between the data subject and Rampnow.

6.6. In cases where personal data is transferred to service providers located outside the European Economic Area (EEA), such transfers will be based on: (i) an adequacy decision of the European Commission under Article 45 GDPR, or (ii) Standard Contractual Clauses (SCC) adopted by the European Commission under Article 46 GDPR. The list of entities to which data is transferred, together with the applicable safeguard mechanism, is available upon request.

7.1. Rampnow retains your personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce agreements.

7.2. After the data is no longer required, it will be securely erased in accordance with legal requirements, provided the law allows for such deletion.

7.3. Retention periods may vary depending on the nature of the data, contractual requirements, or legal obligations, including tax or anti-money laundering regulations.

8.1. Providing your personal data for the purpose of concluding and performing a brokerage services agreement is a legal requirement or necessary for the execution of the agreement. If you refuse to provide personal data necessary for the conclusion of the agreement or required for the performance of our statutory duties, we will not be able to conclude or continue the agreement, nor fulfill certain requests related to the agreement. Providing your data in a complaint, inquiry, or request is necessary for us to process and respond to it.

8.2. The personal data you provide is processed with strict security measures to prevent unauthorized access, use, modification, or disclosure. We implement encryption, secure storage methods, and access controls to ensure the confidentiality and integrity of your data. We also conduct regular evaluations to assess and enhance our data protection measures in compliance with legal standards.

8.3. You retain the right to access, rectify, erase, or restrict the processing of your personal data, as well as to object to its processing. Additionally, you have the right to data portability and the right to withdraw your consent at any time. For any concerns regarding your personal data, you may lodge a complaint with the relevant supervisory authority in your jurisdiction.

9.1. The use of the Rampnow service is allowed for individuals over the age of 18.

9.2. If you are younger than 18, do not use the Controller’s services and do not send us any information about yourself.

9.3. In accordance with Rampnow’s policy and legal obligations, the following procedure will be followed upon discovery that a user is under the age of 18:

1. upon verification that the user is underage, Rampnow will immediately suspend the account, revoking the user’s access to the Platform and its services;
2. all funds in the suspended account will be frozen. The user will not be able to initiate any transactions, withdrawals, or transfers until further notice;
3. the user will be notified via the registered email address, informing them of the account suspension, the reason for the freeze, and the next steps;
4. a comprehensive review will be conducted by Rampnow’s legal and compliance teams to assess the extent of the violation and determine the appropriate course of action in compliance with all legal obligations, including those under anti-money laundering (AML) laws and regulations;
5. based on the findings of the review, Rampnow may return the frozen funds to the original source of deposit or, where legally required, transfer the funds to a custodian or hold the funds in escrow pending further legal directives;
6. once the review is complete, Rampnow will terminate the account permanently. The user will be informed that they are permanently banned from the use of Rampnow’s services, and they will be barred from re-registering in the future
7. where required, Rampnow may report the violation to relevant authorities or regulators to ensure compliance with applicable laws.

10.1. Your personal data is processed and safeguarded in compliance with applicable legal regulations. The Controller implements necessary measures to:

1. prevent data loss, unauthorized access, use, destruction, modification, or disclosure;
2. ensure appropriate technical and organizational safeguards;
3. protect personal data based on the level of risk, including any special categories of personal data.

10.2. Considering the current state of technology, costs, nature, scope, context, and purposes of processing, as well as the rights and freedoms of individuals, such measures may include, but are not limited to, pseudonymization and encryption of personal data, ensuring the confidentiality, integrity, availability, and resilience of systems, restoration capabilities, and procedures for regularly testing, evaluating, and assessing the effectiveness of security measures implemented.

11.1. The Rampnow website may contain links to external third-party websites, services, or applications. Rampnow’s Privacy Policy does not apply to these third parties, and Rampnow disclaims any responsibility for their privacy practices, data collection methods, or content.

11.2. Users are encouraged to review the privacy policies of any third-party platforms they engage with through the Rampnow website. Rampnow shall not be held liable for any issues arising from interactions or transactions conducted on third-party sites.

12.1. Rampnow utilizes cookies and similar tracking technologies to collect, store, and process information for the purposes of personalizing user experience, improving service delivery, and analyzing the performance of the website. These cookies may collect data such as IP addresses, browser details, and interaction patterns.

12.2. Users can configure their browser settings to reject cookies or notify them when a cookie is set. However, the refusal of cookies may limit functionality or access to certain features of the website. Rampnow assumes no liability for restricted functionality if cookies are disabled.

12.3. By continuing to use the Rampnow website, users consent to the use of cookies in accordance with this policy unless expressly modified by the user through browser settings.

13.1. Rampnow reserves the right to amend this Privacy Policy at any time. All updates will be published on the Controller’s website, and users are encouraged to review the policy regularly to stay informed of any changes.

13.2. In the event of significant modifications to how Rampnow handles personal data, users will be provided with notice through a prominent announcement on the website or via direct communication, as required by applicable data protection laws.

13.3. Continued use of the website or services following any modifications to the Privacy Policy will constitute acceptance of such changes.