Secure Chain Logo
support@chainanalytik.com +44 7861 947887 +31 20 2254559

GDPR Compliance

Your privacy rights and our commitment to data protection under European law.

1. Introduction

Secure Chain is fully committed to complying with the General Data Protection Regulation (GDPR) (EU) 2016/679 and the UK GDPR. We respect your privacy and are dedicated to protecting the personal data you entrust to us during the course of our blockchain forensics, cyber intelligence, and asset recovery services.

2. Data Controller & Data Protection Officer

For the purposes of the GDPR, Secure Chain acts as the Data Controller for the personal data we collect directly from you. We have appointed a Data Protection Officer (DPO) to oversee compliance with this policy.

Contact our DPO: support@chainanalytik.com (Please include "FAO: Data Protection Officer" in the subject line).

3. Lawful Basis for Processing

We process your personal data strictly under the following lawful bases defined by Article 6 of the GDPR:

  • Performance of a Contract: To provide you with feasibility assessments, investigative services, and recovery operations as agreed in our service contracts.
  • Legal Obligation: To comply with Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations, as well as requests from law enforcement agencies.
  • Legitimate Interests: To improve our cyber intelligence tools, prevent fraud, and maintain the security of our IT infrastructure.
  • Consent: Where applicable, for marketing communications (which you may withdraw at any time).

4. Your Data Subject Rights

Under the GDPR, you possess specific rights regarding your personal data. Secure Chain is committed to facilitating these rights within the statutory timeframes:

4.1 The Right to Access

You have the right to request copies of the personal data we hold about you. We will provide this information free of charge, typically within 30 days.

4.2 The Right to Rectification

You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.

4.3 The Right to Erasure ("Right to be Forgotten")

You may request the deletion of your personal data. Important Note regarding Blockchain Data: Because public blockchains (like Bitcoin and Ethereum) are immutable decentralized ledgers, Secure Chain cannot delete transaction data, wallet addresses, or records that are permanently etched onto a blockchain. Our right to erasure applies only to the "off-chain" personal data (e.g., your name, email, KYC documents) stored on our internal servers, provided there is no overriding legal or regulatory obligation (such as AML retention rules) requiring us to keep it.

4.4 The Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data under certain conditions, such as during a dispute over the accuracy of the data.

4.5 The Right to Data Portability

You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

5. International Data Transfers

As a global forensic firm, we may transfer your personal data to secure servers or partner agencies located outside the European Economic Area (EEA) or the UK. When we do so, we ensure that appropriate safeguards are in place, such as executing Standard Contractual Clauses (SCCs) approved by the European Commission, to guarantee your data receives the same level of protection as it would within Europe.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. By default, KYC documents and financial transaction records are retained for a minimum of 5 years to comply with international AML regulations.

7. How to Exercise Your Rights or Complain

To exercise any of your GDPR rights, please contact our DPO at the email address provided above.

If you feel that Secure Chain has not addressed your concern in a satisfactory manner, you have the right to lodge a complaint with your local Supervisory Authority (e.g., the Information Commissioner's Office (ICO) in the UK, or your national Data Protection Authority in the EU).

Last Updated: March 2026