Rasto - Privacy Policy

Last updated 08 July 2025


“Rasto”, “we”, “us” and “our” means

- Twift Technologies Private Limited, Flat 103, Sukh Santoshi Apartment, Rani Sati Road, Sikar 332001, Rajasthan, India

- Twift Czechia s.r.o., Děčínská 552/1, Střížkov, 180 00 Praha 8, Czech Republic


We are committed to respecting your privacy.


1. About this notice

This notice explains how we collect, use, share and protect personal data when you interact with:

- the Rasto mobile application

- the rasto.co website

- any related products or services (together, the “Services”).


We act as the **data controller** under (i) the EU/UK GDPR and (ii) India’s Digital Personal Data Protection Act 2023 (“DPDP Act”).


2. Personal data we collect

We may obtain and generate directly or via trusted partners the following categories of data:

- Identity and contact: full name, date of birth, email, phone, postal address

- KYC and due-diligence: government-issued ID scans, selfie checks, proof-of-address, sanctions results

- Device and usage: IP address, device identifiers, operating system, log-in timestamps, in-app interactions

- Cookies and similar technologies: small text files or pixels that remember preferences and analyse traffic

- Third-party sources: information from payment partners, fraud-prevention agencies, public registers


Certain data is mandatory; without it we may be unable to open or maintain your account.


3. Why we use your data

- To verify your identity, open accounts and process transactions – contract fulfilment and legal obligation

- To communicate with you (support, service notices) – contract fulfilment and our legitimate interest in efficient customer service

- To improve and secure our Services – our legitimate interests in analytics, fraud prevention and performance

- To market similar products or features – your consent or our legitimate interests in product promotion

- To comply with laws and regulations (AML/CFT, tax, court orders) – legal obligation


4. Sharing your data

We disclose personal data only as necessary:

1. Within the Rasto group on a strict need-to-know basis

2. Service providers such as cloud hosts, KYC vendors and payment partners bound by contract

3. Public authorities or courts to meet legal obligations or exercise legal rights

4. Business transfers in connection with mergers, acquisitions or asset sales under confidentiality safeguards

5. With your consent for any other purpose you approve

We do not sell your data to third-party marketers.


5. International transfers

- EEA/UK - outside EEA/UK: protected by EU-approved Standard Contractual Clauses or adequacy decisions

- India - outside India: transferred in line with the DPDP Act’s permitted mechanisms

A copy or summary of safeguards is available on request.


6. Retention periods

- Regulatory / AML records: up to 10 years after account closure

- Unverified sign-ups: deleted after 3 years if KYC is not completed

- Operational logs and analytics: retained only as long as needed for security and improvement


7. Your rights

EEA / UK

- Access your data

- Rectify inaccurate data

- Erase data (where permitted)

- Restrict or object to processing

- Data portability

- Lodge a complaint with a supervisory authority


India

- Access your data

- Correct or update data

- Erase data

- Raise a grievance for timely redress

These rights may be limited, e.g. where we must keep data to meet legal obligations.

To exercise any right, email legal@rasto.co. We may request proof of identity.


8. Security

We employ encryption, access controls and regular audits to protect your data. No online service is 100 % secure, but we work continuously to minimise risk.


9. Children

Our Services are intended for individuals 18 years and older. We do not knowingly collect data from minors.


10. Changes to this notice

We may update this notice periodically. The revised version will be posted in-app and on our website with a new “Last updated” date. Material changes will be highlighted or communicated directly where feasible.


11. Contact

Email: legal@rasto.co


© 2025 Rasto. All rights reserved.


Last updated 08 July 2025


“Rasto”, “we”, “us” and “our” means

- Twift Technologies Private Limited, Flat 103, Sukh Santoshi Apartment, Rani Sati Road, Sikar 332001, Rajasthan, India

- Twift Czechia s.r.o., Děčínská 552/1, Střížkov, 180 00 Praha 8, Czech Republic


We are committed to respecting your privacy.


1. About this notice

This notice explains how we collect, use, share and protect personal data when you interact with:

- the Rasto mobile application

- the rasto.co website

- any related products or services (together, the “Services”).


We act as the **data controller** under (i) the EU/UK GDPR and (ii) India’s Digital Personal Data Protection Act 2023 (“DPDP Act”).


2. Personal data we collect

We may obtain and generate directly or via trusted partners the following categories of data:

- Identity and contact: full name, date of birth, email, phone, postal address

- KYC and due-diligence: government-issued ID scans, selfie checks, proof-of-address, sanctions results

- Device and usage: IP address, device identifiers, operating system, log-in timestamps, in-app interactions

- Cookies and similar technologies: small text files or pixels that remember preferences and analyse traffic

- Third-party sources: information from payment partners, fraud-prevention agencies, public registers


Certain data is mandatory; without it we may be unable to open or maintain your account.


3. Why we use your data

- To verify your identity, open accounts and process transactions – contract fulfilment and legal obligation

- To communicate with you (support, service notices) – contract fulfilment and our legitimate interest in efficient customer service

- To improve and secure our Services – our legitimate interests in analytics, fraud prevention and performance

- To market similar products or features – your consent or our legitimate interests in product promotion

- To comply with laws and regulations (AML/CFT, tax, court orders) – legal obligation


4. Sharing your data

We disclose personal data only as necessary:

1. Within the Rasto group on a strict need-to-know basis

2. Service providers such as cloud hosts, KYC vendors and payment partners bound by contract

3. Public authorities or courts to meet legal obligations or exercise legal rights

4. Business transfers in connection with mergers, acquisitions or asset sales under confidentiality safeguards

5. With your consent for any other purpose you approve

We do not sell your data to third-party marketers.


5. International transfers

- EEA/UK - outside EEA/UK: protected by EU-approved Standard Contractual Clauses or adequacy decisions

- India - outside India: transferred in line with the DPDP Act’s permitted mechanisms

A copy or summary of safeguards is available on request.


6. Retention periods

- Regulatory / AML records: up to 10 years after account closure

- Unverified sign-ups: deleted after 3 years if KYC is not completed

- Operational logs and analytics: retained only as long as needed for security and improvement


7. Your rights

EEA / UK

- Access your data

- Rectify inaccurate data

- Erase data (where permitted)

- Restrict or object to processing

- Data portability

- Lodge a complaint with a supervisory authority


India

- Access your data

- Correct or update data

- Erase data

- Raise a grievance for timely redress

These rights may be limited, e.g. where we must keep data to meet legal obligations.

To exercise any right, email legal@rasto.co. We may request proof of identity.


8. Security

We employ encryption, access controls and regular audits to protect your data. No online service is 100 % secure, but we work continuously to minimise risk.


9. Children

Our Services are intended for individuals 18 years and older. We do not knowingly collect data from minors.


10. Changes to this notice

We may update this notice periodically. The revised version will be posted in-app and on our website with a new “Last updated” date. Material changes will be highlighted or communicated directly where feasible.


11. Contact

Email: legal@rasto.co


© 2025 Rasto. All rights reserved.