Privacy

Introduction

Kirgo acts as the data controller for Personal Data collected in connection with our services. This Privacy Policy describes how we collect, use, store, and disclose information about you, and the rights you have under applicable data protection laws. We are committed to transparency, data security, and safeguarding your privacy as you engage with Kirgo.

What Personal Data We Collect

  • Identity and Contact Data: name, email address, postal address, date of birth, and phone number.
  • Account Information: username, password, security questions and settings, and account preferences.
  • Financial Information and Transactions: payment method, billing address, transaction history, payout status, and related identifiers.
  • Technical and Usage Data: IP address, device identifiers, browser type, language, time zone, and information about how you interact with our services.
  • Communications and Marketing Preferences: records of your communications with us and your choices regarding marketing messages.

How We Collect Personal Data

We collect Personal Data from the following sources: directly from you when you create an account or use our services; automatically through technologies such as cookies, logs, and analytics; and from third parties including payment processors, fraud prevention providers, identity verification partners, and marketing partners. If you provide Personal Data relating to another individual, you affirm you have authority to do so and will rely on this Policy to govern that data.

Purposes and Legal Bases for Processing

We process Personal Data for purposes including: providing and maintaining Kirgo services; verifying identity and preventing fraud; processing transactions; managing accounts; communicating with you; personalizing and improving our offerings; and complying with legal obligations. Our processing is based on contractual necessity to perform our services, legitimate interests in security and operational integrity, and, where required, your consent for specific activities such as marketing communications.

International Data Transfers and Storage

Your Personal Data may be transferred to and stored in jurisdictions outside your own, including to affiliates or service providers located in other regions. We implement safeguards such as contractual arrangements and, where applicable, recognized data transfer mechanisms to protect your data. Where possible, we store and process data in the general region where you reside, subject to legal and regulatory requirements.

Cookies and Tracking Technologies

We use cookies and similar technologies to operate our services, analyze usage, and tailor experiences. We categorize cookies as strictly necessary, preferences, analytics, and advertising. You may adjust your browser settings to manage cookies; declining cookies may affect certain features or functionality.

Data Retention and Deletion

We retain Personal Data for the period necessary to fulfill the purposes described in this Policy and to comply with legal obligations. Typically, data related to your account and transactions is retained for the duration of your relationship with Kirgo and for up to seven (7) years thereafter to address regulatory, tax, fraud prevention, and dispute resolution needs. When no longer required, data is securely deleted or anonymized.

Security of Your Data

We implement appropriate organizational and technical measures to protect Personal Data from loss, unauthorized access, alteration, or disclosure. This includes access controls, encryption in transit, secure storage, regular monitoring, and incident response procedures. We require service providers processing data on our behalf to maintain equivalent safeguards and report any security incidents as required by law.

Children’s Privacy

Kirgo does not knowingly collect Personal Data from individuals under the age of 18. If we become aware that a minor has provided data, we will take steps to delete that information promptly and rectify any associated records.

Your Rights

Depending on your jurisdiction, you have rights regarding your Personal Data, including access, rectification, erasure, restriction of processing, portability, objection to processing, and withdrawal of consent where applicable. We will respond to requests within a reasonable timeframe, and in any event in accordance with applicable law, typically within thirty (30) days. If a request is complex, we may extend the period with notice. We may charge a reasonable fee or refuse requests that are unfounded, excessive, or repeated.

  • Right of Access: you may request a copy of the Personal Data we hold about you.
  • Right to Rectification: you may request correction of inaccurate or incomplete data.
  • Right to Erasure: you may request deletion of Personal Data, subject to legal obligations and contractual requirements.
  • Right to Restrict Processing: you may limit processing under certain circumstances.
  • Right to Data Portability: you may request transmission of your data to another controller where feasible.
  • Right to Object: you may object to processing carried out on grounds related to your particular situation, including direct marketing.
  • Right to Withdraw Consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing based on consent before withdrawal.

Marketing Communications and Opt-Out

We may send you marketing communications with information about our products and events. You may opt out at any time by following the unsubscribe instructions in the message or by contacting our privacy team. Opting out will not affect transactional communications.

Data Protection Officer and Contacting Us

For questions about this Policy or to exercise your rights, contact Kirgo’s Privacy Team at [email protected]. We will respond in accordance with applicable data protection laws and provide assistance in exercising your rights.

Changes to This Policy

We may update this Privacy Policy from time to time. We will publish changes and indicate the effective date. Continued use of our services after the effective date constitutes acceptance of the updated Policy.

Governing Law and Jurisdiction

This Policy is governed by applicable data protection laws in the applicable jurisdiction and, where appropriate, by the general principles of privacy regulation applicable to online services. We will comply with valid requests from regulatory authorities and with lawful processes for data protection, where required.