Privacy Policy

Effective Date: September 14, 2020

Introduction

Ripple Labs Inc., Ripple Services Inc. and its subsidiaries and affiliated companies (“Ripple”, “we”, “our”, “us”) understands and respects our users’ need for privacy. This Privacy Policy explains how Ripple collects, uses and shares information we collect about you.

Applicability:

This policy applies to Information we collect when you use our websites (including our company website www.ripple.com, our RippleNet Services website, and our developer website developers.ripple.com, collectively, the “Site”), and when you interact with us, through the use of Ripple products and services (including RippleNet, collectively, the “Ripple Service” or the “Services”) described in our Terms and Conditions.

This Privacy Policy does not apply to the XRP Ledger software, which is open source, or the distributed open source global network accessed through that software (collectively, “XRP Ledger”). However, if you access XRP Ledger-related content from a hyperlink on our Site, we may collect the information identified in the “Information We Collect Automatically” sections below in connection with your use of the Site.

How we collect your information
How we use your information
How we share your information
Legal bases for processing (for EEA users)
Transfer of personal data to other countries
How we protect your information
How long we retain your information
Children’s information
Your rights
Changes to this privacy policy
Third-party services, applications and websites
Contacting us

How We Collect Your Information

INFORMATION WE COLLECT FROM OUR WEBSITES AND EVENTS:

Information You Provide to Us: We collect information you provide directly to us when you browse our Site, create an online account, post messages to our forums or wikis, provide feedback through surveys, participate in any interactive features, contests, promotions, sweepstakes, activities or events. The types of information we may collect include your name, email address, username, password, location and any other information you choose to provide.

Information We Collect Automatically through the use of Cookies and Other Tracking Technology: When you visit the Company’s website, we obtain certain information by automated means, such as cookies, web beacons, web server logs and other technologies. A “cookie” is a text file that websites send to a visitor’s computer or other Internet-connected device to identify the visitor’s browser or to store information or settings in the browser. A “web beacon,” also known as an Internet tag, pixel tag or clear GIF, links web pages to web servers and their cookies and may be used to transmit information collected through cookies back to a web server.

We may use these automated technologies to collect information about your equipment, browsing actions, and usage patterns. The information we obtain in this manner may include your device IP address, identifiers associated with your devices, types of devices connected to our services, web browser characteristics, device characteristics, language preferences, referring/exit pages, clickstream data, and dates and times of visits to our Site.

The information we collect through cookies and similar technologies helps us (1) remember your information so you will not have to re-enter it; (2) understand how you use and interact with our website; (3) measure the usability of our website and the effectiveness of our communications; and (4) otherwise manage and enhance our website, and help ensure it is working properly.

Your browser may tell you how to be notified when you receive certain types of cookies or how to restrict or disable certain types of cookies. Please note, however, that without cookies you may not be able to use all of the features of our website.

INFORMATION WE COLLECT RELATING TO OUR PRODUCTS AND SERVICES:

Financial institutions and other organizations around the world, together referred to as “RippleNet Customers” use our products and services (“the Ripple Service” or “the Services”) to exchange data relating to financial transactions and, in the case of OnDemand Liquidity, settle those financial transactions.

These Ripple Services process Personal Data of individuals (“Personal Data”) in the two following contexts:

Ripple’s Provision of the Services: Personal Data that Ripple collects for its own purposes relating to the provision of the Services (for example, contact details of employees of RippleNet Customers)
Customer Use of the Services: Personal Data that RippleNet Customers collect and supply to the Ripple Service as part of their use of the Services (for example, Personal Data contained in messages or files that RippleNet customers send)

RIPPLE’S PROVISION OF THE SERVICES:

Information You Provide to Us: Ripple collects Personal Data relating to employees, officers, and/or directors of RippleNet’s Customers that is directly provided to us. Personal Data typically includes contact details such as name, title, work address, work email address, and work telephone number.

Information from Other Sources: Ripple collects information publicly available on a Customer’s website, or through publicly available resources relating to employees, officers, or directors of RippleNet’s Customers and Potential Customers. This information typically includes publicly available information such as name, title, work address, work email address, and work telephone number.

Information We Collect Automatically: Ripple may collect RippleNet usernames, user passwords, user’s Internet Protocol (“IP”) addresses, computer and connection information such as browser type, version, and operating system during the course of managing the Ripple services.

CUSTOMER’S USE OF THE SERVICES:

The OnDemand Liquidity product enables RippleNet Customers to connect to their digital asset exchange accounts in order to check balances, receive payment estimates, submit instructions for payments initiation, and check status of payments in progress.

The RippleNet Cloud product enables RippleNet Customers to connect to multiple banks and other financial institutions through one API, in order to initiate payments, purchase FX, and view and manage balances and transaction listings.

Information You Provide to Us: Through use of the Services, RippleNet may collect and process Personal Data of individuals collected by RippleNet's Customers for purposes of processing payments in accordance with the Terms and Conditions we have entered into with you.

Personal Data used for facilitating payments typically includes sender and beneficiary account name and account number (which could be the account holder’s name); description of the transaction; payment amounts and instructions; and sender and beneficiary addresses and phone number.

How We Use Your Information

RIPPLE WEBSITES AND EVENTS:

Ripple collects this data for various purposes, including to:

Respond to your comments, questions and requests and provide customer service;
Monitor and analyze trends, usage and activities in order to operate and improve our Site;
Manage your online account(s) and send you technical notices, updates, security alerts and support and administrative messages;
Organize regional or local events, and the registration and management of customer representatives that are active in RippleNet advisory and working groups;
Link or combine with information we get from others to help understand your needs and provide you with better service; and
Carry out any other purpose for which the information was collected.

RIPPLE’S PROVISION OF THE SERVICES

Ripple collects this data for purposes relating to the provision of the Services, and include the following:

The administration, monitoring, and ongoing management of the services and products;
The development, deployment, management, support, and invoicing of the services and products; and
The organization of regional or local events, and the registration and management of customer representatives that are active in RippleNet advisory and working groups.

CUSTOMER USE OF THE SERVICES

Ripple collects this data for various purposes, including to:

Respond to your comments, questions and requests and provide customer service;
Monitor and analyze trends, usage and activities in order to operate and improve our Services;
Manage your online account(s) and send you technical notices, updates, security alerts and support and administrative messages; and
Carry out any other purpose for which the information was collected.

How We Share Your Information

RIPPLE WEBSITES AND EVENTS, AND RIPPLE’S PROVISION OF THE SERVICES:

We may share your Personal Data as follows:

With vendors, consultants and other service providers who need access to such information to carry out work on our behalf;
In response to a request for information if we believe disclosure is in accordance with any applicable law, regulation or legal process, or as otherwise required by any applicable law, rule or regulation;
If we believe your actions are inconsistent with our user agreements or policies, or to protect the rights, property and safety of us or any third-party;
In connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition of all or a portion of our business to another company;
With your consent or at your direction; and
We may also share aggregated or de-identified information, which cannot reasonably be used to identify you.

RIPPLE SUB-PROCESSORS

We use the following sub-processors to operate our Services:

Third-Party Service or Vendor	Type of Service	Location
Salesforce	Sales Data Host Platform	United States
Zendesk	Cloud-based Customer Support Services	United States
Atlassian	Cloud-based Customer Support Services	United States
Amazon Web Services	Cloud Service Provider	United States, United Kingdom
Google Cloud	Cloud Service Provider	United States
IBM Softlayer	Cloud Service Provider	United States
Auth0	Cloud-based Customer Support Services	United States

Legal Bases for Processing (For EEA Users)

If you are an individual from the European Economic Area (“EEA”), we collect and process your personal data only where we have legal basis for doing so under applicable EU laws.

The legal basis depends on the Services you use and how you use them. This means we collect and use your personal data only:

To fulfill our contractual obligations to you;
To operate our business, including to improve and develop our services, for fraud prevention purposes, improve user experience, or other legitimate interest; and/or
As otherwise in compliance with law.

If you have any questions about the legal basis for processing, please refer to the “Your Rights” section below or contact us at the address listed in the “Contact Us” section.

Transfer of Personal Data to Other Countries

We transfer your Personal Data to countries outside the United Kingdom and the European Economic Area (“EEA”), including, but not limited to the United States, where Ripple Labs Inc. Corporate Headquarters is located, and where our IT systems (including email) are located. When required for the the provision of the Services RippleNet may transfer and store Personal Data to locations in or outside the European Economic Area (“EEA”).

Ripple complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and Switzerland to the United States. Ripple has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/

Ripple is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Under certain conditions, you can invoke binding arbitration for complaints regarding Ripple’s Privacy Shield compliance. For further information, please refer to: https://www.privacyshield.gov/article?id=ANNEX-I-introduction

In cases of onward transfer to third-parties of Personal Data received pursuant to the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield, Ripple shall remain potentially liable.

In addition, if we transfer your personal information out of the European Economic Area, United Kingdom, or Switzerland and are required to apply additional safeguards to your personal information under European data protection legislation, we will do so. Such safeguards may include applying the European Commission-approved standard contractual data protection clauses or other appropriate legal mechanisms.

How We Protect Your Information
We are committed to protecting your information. We maintain appropriate administrative, technical and physical safeguards designed to protect the Personal Data you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.

How Long We Retain Your Information

We will retain your Personal Data on file for as long as necessary for our legitimate business purposes. Please note that in certain cases, legal or regulatory obligations require us to retain specific records for a longer period of time.

Children's Information

Our Services are not directed to children under the age of 16. If you learn that a child under the age of 16 has provided us with personal information without consent, please contact us.

Your Rights

You have the right to request a copy of your information, to object to our use of your information (including for marketing purposes), where applicable, to correct your information, to request the deletion or restriction of your information, or to request your information in a structured, electronic format.

Please note that we may retain certain information as required by law or for legitimate business purposes. If you would like to exercise any of these rights, please contact privacy@ripple.com.

In compliance with the Privacy Shield Principles, Ripple commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Ripple at privacy@ripple.com or at our mailing address at:

Ripple Labs Inc. Attention: General Counsel 315 Montgomery Street, 2nd Floor San Francisco, CA 94104 U.S.A.

Ripple has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you.

Changes to This Privacy Policy

We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this policy, and in some cases, we may provide you with additional notice (such as adding a statement to the homepages of our Site or sending you an email notification). We encourage you to review the Privacy Policy whenever you interact with us to stay informed about our information practices and the ways you can help protect your privacy.

Third-Party Services, Applications, and Websites

Certain third-party services, websites, or applications you use, or navigate to from our Services may have separate user terms and privacy policies that are independent of this Policy. This includes, for example, websites owned and operated by our customers or partners. We are not responsible for the privacy practices of these third-party services or applications. We recommend carefully reviewing the user terms and privacy statement of each third-party service, website, and/or application prior to use.

Contacting Us

To submit questions regarding this Privacy Policy, you can contact Ripple by emailing us at privacy@ripple.com or at our mailing address at: