• Services
  • Solutions
  • About Us
    • Schedule consultation

    Privacy Notice

    Last updated on:
    Chain Veritas (hereinafter “we,” “us,” or the “Company”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and otherwise process personal data in line with Regulation (EU) 2016/679 (the General Data Protection Regulation, “GDPR”) and applicable Lithuanian data protection laws, including the Law on Legal Protection of Personal Data of the Republic of Lithuania (hereinafter “Lithuanian Data Protection Law”).

    By visiting our websites, engaging our services, or interacting with us, you agree to the terms of this Privacy Policy, as updated from time to time. If you have questions or require additional information about our data handling practices, please contact us using the details provided in Section 10 below.

    1. KEY TERMS AND DEFINITIONS

    Personal Data
    Any information relating to an identified or identifiable natural person (the "data subject"), as defined under GDPR Art. 4(1).

    Processing
    Any operation or set of operations performed on personal data, whether or not by automated means (collection, use, storage, disclosure, etc.).

    Controller
    The entity (Chain Veritas in this case) which determines the purposes and means of processing personal data.

    Processor
    Any third-party entity that processes personal data on behalf of the Controller under a contractual agreement (e.g., cloud hosting providers, analytics services).

    Data Subject
    Any identified or identifiable natural person about whom personal data are processed by the Controller.

    GDPR
    Regulation (EU) 2016/679 – the General Data Protection Regulation, which lays down rules concerning the protection of personal data and free movement thereof within the European Union.

    Lithuanian Data Protection Law
    The Law on Legal Protection of Personal Data (Republic of Lithuania), which supplements or clarifies GDPR obligations at the national level.

    2. WHO WE ARE

    Chain Veritas is a private entity providing blockchain forensics, AML (Anti-Money Laundering) advisory, and crypto-related compliance services to businesses, government bodies, and other organizations.

    For the purposes of EU data protection legislation, Chain Veritas is the Data Controller of your personal data.

    3. SCOPE OF THIS PRIVACY POLICY

    3.1. Applicability
    This Privacy Policy applies whenever we process personal data in the context of providing our services, operating our website(s), or communicating with data subjects. It also outlines how we comply with the GDPR and Lithuanian Data Protection Law.

    3.2. Excluded Activities
    Some external sites or services we link to may have their own privacy notices or rules. We encourage you to review the privacy statements of any such external resources. Chain Veritas is not responsible for data processing by third-party websites not under our control.

    3.3. Updates to This Policy
    We may periodically update or revise this Privacy Policy. The date of the last update is indicated at the top. Changes become effective upon posting the updated Privacy Policy unless otherwise indicated. For significant changes, we may notify you via email or a prominent website notice.

    4. TYPES OF PERSONAL DATA WE COLLECT

    Depending on the nature of your relationship with us (e.g., as a visitor, client, prospective client, or business contact), we may collect various categories of personal data:

    4. TYPES OF PERSONAL DATA WE COLLECT

    Depending on the nature of your relationship with us (e.g., as a visitor, client, prospective client, or business contact), we may collect various categories of personal data:

    Note: In certain cases, we may process sensitive or special categories of data (e.g., relating to alleged criminal offenses) strictly when necessary for AML/CTF compliance, subject to the conditions of GDPR Art. 6 and Art. 10.5.

    5. LEGAL BASIS AND PURPOSES FOR PROCESSING

    We always ensure that our processing of personal data has a valid legal basis under GDPR Art. 6. The primary bases and purposes include:

    (a) Consent (GDPR Art. 6(1)(a)) When you voluntarily sign up for marketing newsletters or request certain optional services, we rely on your explicit consent (where required).
    (b) Contract Performance (GDPR Art. 6(1)(b)) Executing a contract with you or your company (e.g., to provide AML forensics or compliance advisory). We may need personal data to render our services effectively, invoice you, or communicate key project details.
    (c) Legal Obligations (GDPR Art. 6(1)(c)) Complying with AML/CTF laws (e.g., the Lithuanian Law on the Prevention of Money Laundering and Terrorist Financing), maintaining statutory records, responding to legitimate government or regulatory requests.
    (f) Legitimate Interests (GDPR Art. 6(1)(f)) Conducting internal analytics to improve service offerings, ensuring network and information security, preventing fraud, or pursuing day-to-day business operations (balanced against data subject rights and freedoms).

    Where local laws require specific consents for certain data uses, we will request such consents separately. You may withdraw your consent at any time, without affecting the lawfulness of processing carried out prior to the withdrawal.

    6. HOW WE COLLECT PERSONAL DATA6.

    1. Direct Interactions
    Filling out forms on our websites or through client onboarding questionnaires (including KYB/KYC processes).Communicating with us by email, phone, or other channels.

    6.2. Automated Technologies
    When you browse our website or online portals, we automatically collect Technical/Usage Data such as IP addresses and cookie information. We use cookies only for functional and analytical purposes, in line with GDPR and the Lithuanian Law on Electronic Communications. A separate Cookie Policy may be provided for more details.

    6.3. Third Parties & Public Sources
    Regulatory Filings: We may verify certain data against official registers or obtain documentation from third-party compliance data providers.
    Due Diligence Tools: For AML or KYC checks, we might utilize reputable third-party databases (e.g., sanctions lists, watchlists, adverse media searches).

    7. DISCLOSURE OF PERSONAL DATA

    We may share personal data with certain authorized third parties for the purposes described in this policy:

    Recipient           Reason/Purpose.       Service Providers / Processors
    Hosting providers, IT support, analytics tool vendors, or secure cloud-based platforms. All are bound by contractual obligations to process data only on our instructions.

    We do not sell or rent personal data to third parties for marketing purposes.

    8. INTERNATIONAL TRANSFERS

    Although we generally store and process data within the European Economic Area (EEA), certain partners or processors may operate outside the EEA. Whenever personal data is transferred outside the EEA, we ensure adequate safeguards are in place, such as:

    EU Commission Adequacy Decisions (if the destination country is deemed to provide an equivalent level of protection).
    Standard Contractual Clauses (SCCs) with the non-EEA recipient, supplemented by additional measures where necessary.
    Other legal transfer mechanisms recognized under Chapter V of the GDPR.

    We will provide further information about these safeguards upon request.

    9. DATA RETENTION & STORAGE

    9.1. Retention Periods
    We keep personal data for no longer than is necessary to fulfill the purposes for which it was collected, or to comply with legal obligations. Typically, AML/CTF regulations require retaining KYC files for at least 5 years after the termination of a client relationship. Certain records (e.g., transaction logs) may be retained longer if mandated by law or if a legal dispute is ongoing.

    9.2. Data Security
    We implement appropriate technical and organizational measures, including but not limited to:Encrypted data storage;Strict access controls based on roles and responsibilities;Regular security audits and training of personnel;Secure disposal or anonymization of data when no longer required.While we strive to protect personal data, no security measures are infallible. We maintain an internal breach notification policy, ensuring that any data breach is promptly addressed and, where required, reported to relevant supervisory authorities (and data subjects, if necessary under Articles 33–34 GDPR).

    10. YOUR RIGHTS AS A DATA SUBJECT
    Under the GDPR and Lithuanian Data Protection Law, you have various rights regarding your personal data:

    Right Description 

    Right of Access You can request confirmation of whether we process your personal data and obtain a copy of that data (subject to certain exceptions).
    Right to Rectification If you believe your personal data is inaccurate or incomplete, you have the right to request that we correct or update it.
    Right to Erasure (“Right to be Forgotten”) You may request deletion of your personal data if it is no longer needed for the purposes for which it was collected, or if you object to processing and there is no overriding lawful basis.
    Right to Restriction of Processing Under certain circumstances, you can request us to limit how we process your personal data (e.g., while a dispute is resolved about data accuracy).
    Right to Data Portability For data processed by automated means and collected under consent or contract basis, you can request a machine-readable copy for transfer to another provider.
    Right to Object You can object to the processing of personal data based on our legitimate interests, or request that we cease direct marketing communications.
    Right to Withdraw ConsentWhere processing is based on your consent, you can withdraw it at any time, without affecting processing previously carried out.

    To exercise your rights, please contact us using the details in Section 12. We typically respond within one month, subject to possible extensions in complex cases (GDPR Art. 12(3)). We may require verification of your identity to protect your data from unauthorized access.

    11. COOKIES AND SIMILAR TECHNOLOGIES

    Our website(s) may use cookies or similar tracking technologies to enhance user experience, analyze site usage, or store certain user preferences. Where required under Lithuanian law or the ePrivacy Directive (2002/58/EC, as amended), we will obtain your consent before storing non-essential cookies on your device.

    Strictly Necessary Cookies – essential for our website to function.
    Analytics Cookies – help us measure performance and usage trends.
    Functionality Cookies – remember your preferences to provide a more personalized experience.

    We provide more details in a Cookie Notice or dedicated cookie banner, including retention periods for each cookie category and instructions for managing or deleting cookies. Refusing cookies may limit certain functionalities of our websites.

    12. HOW TO CONTACT US / QUESTIONS & COMPLAINTS

    12.1. General Inquiries
    If you have any questions, concerns, or requests relating to this Privacy Policy or our data protection practices, please reach out to:

    Data Protection Officer

    Email: privacy@chainveritas.com

    12.2. Right to Lodge a Complaint
    If you believe that our processing of your personal data violates GDPR, you have the right to lodge a complaint with:

    State Data Protection Inspectorate

    We kindly request that you contact us first to resolve any complaints so we can address your concerns promptly.

    13. MISCELLANEOUS

    13.1. Links to Other Websites
    Our sites may include links to third-party websites or services with separate privacy policies. We disclaim any responsibility or liability for those external policies. We recommend reviewing each external privacy statement for clarity on their data practices.

    13.2. Policy Language
    Where this Privacy Policy is presented in multiple languages, the English version (or Lithuanian version if local law so requires) shall prevail in case of any contradictions.

    13.3. Children’s Data
    Our services are not directed at minors under the age of 18. We do not knowingly process personal data of minors without verifiable parental or guardian consent, unless legally required under AML or similar obligations. If you believe we have collected data about a minor, please contact us so we can take appropriate steps.

    13.4. Automated Decision-Making
    We do not use any automated decision-making (including profiling) that significantly affects data subjects, unless explicitly stated otherwise. Any profiling that may occur is purely for AML risk categorization in compliance with legal obligations and does not produce legal or similarly significant effects.
    Cookie Settings
    We use cookies and similar technologies on our website to enhance your browsing experience, analyze site traffic, and improve our services. By clicking ‘Accept All Cookies,’ you consent to the use of these technologies. You can choose to manage your cookie preferences or learn more in our Privacy Policy

    Cookie Settings

    We use cookies to improve user experience. Choose what cookie categories you allow us to use. You can read more about our Cookie Policy by clicking on Cookie Policy below.

    These cookies enable strictly necessary cookies for security, language support and verification of identity. These cookies can’t be disabled.

    These cookies collect data to remember choices users make to improve and give a better user experience. Disabling can cause some parts of the site to not work properly.

    These cookies help us to understand how visitors interact with our website, help us measure and analyze traffic to improve our service.

    These cookies help us to better deliver marketing content and customized ads.

    View Cookie Policy