6.1 Rails acts as a data controller and a data processor under applicable data security and privacy regulations when handling Personal Information unless we have entered into a data processing agreement with you in which case you would be the data controller and we would be the data processor.
6.2 Rails’s role may also differ depending on the specific situation involving Personal Information. We act in the capacity of a data controller when we ask you to submit your Personal Information that is necessary to ensure your access and use of the Website and Services. In such instances, we are a data controller because we determine the purposes and means of the processing of Personal Information, and we comply with data controllers’ obligations set forth under applicable data security and privacy regulations.
6.3 Rails acts in the capacity of a data processor in situations when you submit Personal Information through the Website and Services. We do not own, control, or make decisions about the submitted Personal Information, and such Personal Information is processed only in accordance with your instructions. In such instances, the User providing Personal Information acts as a data controller under applicable data security and privacy regulations.
6.4 Rails uses the Personal Data we collect for the following carefully considered business purposes, which also benefit our Users:
To provide you with our Services through our Website;To identify and confirm your identity when you use our Website;To improve and upgrade the Services of our Website, including but not limited to improvements made per service requests and user feedback;To maintain and analyze statistics relating to the use of our Website and/or any cooperation with governmental agencies, academic institutions, and public affairs agencies;To personalize your experience while using the Services;To facilitate transactions (your information, whether public or private, will not be sold, exchanged, transferred, or otherwise provided to any other company on any grounds without your consent, except if doing so is solely and expressly for the purpose of completing the transaction per your instruction);To regularly send e-mail and other kinds of communications or notifications (the email address that you provide while using Services may be used to receive updates to your transactions and updates, newsletters, new product or service information, and other kinds of communication, unless Rails receives specific instructions from you regarding your email preference); andTo meet other purposes as specified in the Terms of Use listed on Rails Website and any and all legal means adopted for satisfying such purposes.6.5 Processing your Personal Information depends on how you interact with the Website and Services, where you are located in the world and if one of the following applies: (i) you have given your consent for one or more specific purposes; this, however, does not apply, whenever the processing of Personal Information is subject to regulations such as California Consumer Privacy Act/California Privacy Rights Act (“CCPA/CPRA”) or European data protection law; (ii) provision of information is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof; (iii) processing is necessary for compliance with a legal obligation to which you are subject; (iv) processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in us; (v) processing is necessary for the purposes of the legitimate interests pursued by us or by a third party.
Note that under some legislations we may be allowed to process information until you object to such processing by opting out, without having to rely on consent or any other of the legal bases. In any case, we will be happy to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Information is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
6.6 Rails does not sell, trade, transfer Personal Information to external parties, or allow external parties to do so on the Website. However, to the extent necessary for 1) proper functioning of Website and improvement of the Services 2) compliance with any of the applicable laws, regulations, rules or any order of courts or other competent authorities or 3) due protection of the rights, property, or safety of us or other persons, the following parties shall be excluded from such promise: our affiliates and trusted third party vendors we engage to help us operating our Website, managing our business, or providing Services directly and indirectly to the Users, provided that such parties understand and agree to keep such Personal Information confidential, under appropriate confidentiality agreements. Nevertheless, your Personal Information will not be provided to external parties for marketing, advertising, or other purposes, unless an authorization is directly obtained from you.
Additionally, we have implemented international standards to prevent money laundering, terrorist financing and circumventing trade and economic sanctions and will implement applicable Digital Asset laws and regulations in any applicable jurisdiction(s) when effective, which may require us to undertake due diligence on our Users. This may include the use of third-party data and service providers which we may cross-reference with your Personal Information.
7. PROTECTION OF PERSONAL INFORMATION (INFORMATION SECURITY)
7.1 We adopt appropriate physical, electronic, technical and managerial measures to protect and safeguard Rails and you from unauthorized access, alteration, disclosure, or destruction of your Personal Information we collect and store. We take various measures to ensure information security, including encryption of the Website communications with SSL; required two-factor authentication for all sessions; periodic review of our Personal Data collection, storage, and processing practices; and restricted access to your Personal Information on a need-to-know bases for our employees and vendors who are subject to strict contractual confidentiality obligations. The security measures that we may take include but are not limited to:
Physical measures: Records of your Personal Information will be stored in a properly locked place against loss, theft, unauthorized use, disclosure, or modification.Electronic measures: Electronic data that contain your Personal Information will be stored in properly encrypted computer systems and storage media that are subject to strict login/access restrictions.Technical measures: Proper encryption techniques, including but not limited to Secure Socket Layer Encryption technology, may be used to protect your Personal Information.Managerial measures: Only staff members duly authorized by us can access your Personal Information, and these staff members are duly trained and monitored to comply with our internal code of ethics concerning personal data protection.Other measures that we deem necessary in ensuring the safety of your Personal Information.7.2 To help us protect your Personal Information, you should maintain the secrecy of your logon ID and password you may have set up while using the Services. We shall not be held liable for damage or loss of any kind caused directly or indirectly by your own failure in maintaining the secrecy of your logon information.