Privacy Policy

1 What is this about?

Your Privacy matters to ChainSecurity, which is why we comply with the applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and Switzerland’s Federal Act on Data Protection (FADP).

The purpose of this Privacy Policy is to explain the types of personal data we collect from you or about you from a third party, how we use, disclose, protect and process that information, and who we share it within the context of our Services and the ChainSecurity Site, as well as certain rights you have in this respect.

2 How can I get in touch with you regarding privacy issues?

If you have any questions about this Privacy Policy, you can contact

3 What types of personal data do you collect / process?

We collect and process Personal Data that you provide to us when communicating with us (such as your name and contact information, language preference, job title, business affiliations, and other information you provide to us either directly or indirectly). The Personal Data may relate to you as well as your employees and/or agents. In some cases, the Personal Data is supplemented by data obtained from other public sources, such as company websites or online media, for the purpose of confirming your identity or position or obtaining further information to help us communicate with you.

If you are a potential recruit, we may process the following Personal Data: Name and job title; Contact information including email address, physical address, and phone number; CV/Resume, including your age and/or gender (if you provide it to us), your education, job history and similar information that you provide to us.

4 For which purposes do you process my data?

Our goals for collecting Personal Data from you is to help us do the following:

  • deliver our Services
  • verify your identity
  • improve, develop, and market our Services
  • carry out requests made by you in relation to our Services or requests you make on our Site
  • comply with any applicable law, court order, or requirements of a regulator
  • enforce our agreements with you
  • protect our rights, property or safety, along with the rights of certain third parties, including our other clients and other users of the Site or our Services,
  • carry out recruiting, and
  • use for any other purpose required or permitted by law
  • for Client analysis and insight: In situations where you have provided consent (where lawfully required), we may use log files, cookies, and other technologies to obtain Personal Data. This may include a session ID in order to track use statistics on our Site, an IP address in order to monitor Site traffic/volume, and other information as permitted by law. Our Site also contains “cookies”, log files and other technologies which you should be aware of, including Google Analytics.

5 What legal grounds do you have to process my personal data?

It is necessary for us to use or process your Personal Data for the following reasons:

  • Contract: to perform our obligations under any engagement or contract that we may have with you or your organization (i.e. to register you as a client; to provide and administer Services; and to process payments, billing, and collection.)
  • Legitimate interests: Where it is in our legitimate interest (or a third party’s legitimate interest) to use Personal   Information to ensure we are providing Services in the best way possible.(i.e. (1) to administer and manage our relationship with you, whether through accounting, auditing, or other steps linked to the performance of our business relationship; (2) to analyze and improve our communications and Services and remain compliant with our policies, and (3) to deliver the work product or Services you have hired us to provide.
  • Legal Obligations: It may be our legal obligation to use your Personal Data in order to comply with certain legal obligations imposed upon us, including but not limited to anti-money laundering, fraud, and crime prevention.
  • Consent: We may rely on your freely given consent at the time you provided your Personal Data.

6 How are you collecting personal data?

We collect Personal Data directly:

  • via our Website and electronic communications
  • when you or your organization uses our Services
  • when you or your organization offer to provide, or provides, services to us
  • when you correspond with us by electronic means using our Website
  • when you or your organization browse, complete a form or make an inquiry or otherwise interact on our Website.

We collect Personal Data indirectly:

  • through public sources
  • from public registers (such as commercial registers), news articles, sanctions lists, and Internet searches
  • when our business customers engage us to perform professional services which involve them sharing personal data they control with us as part of that engagement

7 What personal data security measures do you take?

We have implemented technical and organizational measures in an attempt to safeguard the Personal Data in our custody and control. While we always make a conscious effort to protect our systems, operations, sites, and information against unauthorized access, use, modification, and disclosure, due to the inherent nature of the Internet as an open global communications vehicle and other risk factors, we cannot guarantee that information, during transfer or storage, will be absolutely safe from interception.

8 Who are you sharing my personal data with?

We may, where necessary, share your Personal Data with any number of the following categories of third parties:

  • Insurers
  • Regulators/tax authorities/corporate registries
  • Professional advisers that we use, such as accountant and lawyers
  • Government or regulatory authorities
  • Third parties who provide services such as, document processing and translation services, confidential paper shredding and/or disposal companies, software providers or IT systems, IT support services, document and information storage providers
  • Third parties that are engaged in the course of your matter
  • Third party service providers who help us with client insight analytics, such as Google Analytics
  • Third party postal or courier providers who deliver our postal marketing campaigns or documents related to a client matter

We do an appropriate level of due diligence on third party contractors and assure contractually that sub-contractors are processing Personal Data in an appropriate manner and in accordance to our legal and regulatory obligations. In addition, we may use external data controllers where it is necessary in order to deliver the Services (e.g., without limitation: lawyers, accountants, or other third-party experts).

In the course of doing so, we will adhere to our legal and regulatory obligations regarding Personal Data, including, without limitation, establishing and implementing appropriate safeguards.

9 Where are you storing / transferring my data?

Your Personal Data is in Switzerland. However, we may need to transfer Personal Data to locations outside of the jurisdiction in which we provide our services to you. For example, we currently collaborate with IT service providers who are headquartered in the United States and who may process Personal Data such as for time tracking/billing purposes.

If and to the extent your Personal Data is transferred to and/or stored at a destination outside of Switzerland, we will take all steps reasonably necessary to ensure that your data is treated securely.

Unfortunately, the transmission of information via the internet cannot be completely secure. While we do our best to protect your Personal Data, we cannot guarantee the security of data that is being transmitted.

10 How long do you keep my personal data?

With respect to visitors to our Site,

  • We retain relevant Personal Data for at most, two years from the date of our last interaction with you.

For the provision of Services to clients,

  • We retain relevant Personal Data for at least 10 years from the date of our last interaction with the client and in compliance with our obligations under the EU GDPR or similar legislation around the world, or for longer if required to do so according to our regulatory obligations or professional insurance obligations. After such time, we may destroy said files without further notice or liability.

For recruiting,

  • We retain relevant Personal Data throughout the ChainSecurity recruiting process and delete Personal Data once the recruiting process is over.

11 What rights do I have regarding my personal data?

You have the following rights regarding the Personal Data we hold about you:

  • Right of access: You have the right to ask us to furnish you with a copy of the Personal Data that we hold about you. If you need additional copies or if the request is excessive or abusive, we are entitled to charge a reasonable fee.
  • Right of rectification: If Personal Data we hold about you is incomplete or inaccurate, you are entitled to ask us to rectify it.
  • Right of erasure: You can request for us to delete or remove your Personal Data in certain circumstances (i.e., where we no longer need it or if you have withdrawn your consent (where applicable)).
  • Right to restrict processing: You can ask us to block or suppress processing of your Personal Data in certain circumstances (i.e. where you dispute the accuracy of the Personal Data or object to us).
  • Right to data portability: Under certain circumstances, you have the right to obtain Personal Data you have provided us with (in a structured, commonly used and machine-readable format) and to reuse it elsewhere or to ask us to transfer it to a third party.
  • Right to object: You can request that we stop processing your Personal Data.
  • Right to withdraw consent: You have the right to fully or partly withdraw your consent at any time if you have provided your consent to the collection, processing and transfer of your Personal Data. You can click on the ‘unsubscribe’ link in the email you received from us or use our contact form.
  • Right to submit a complaint with the supervisory authority: You are entitled to contact the relevant Supervisory Authority—in Switzerland, the Federal Data Protection and Information Commissioner.

12 Links to third-party apps and sites

Our Website may contain links to websites or apps that we do not operate. If you click a third-party link, you will be directed to that third party’s site or app. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

13 Cookie policy

Cookies are files with a small amount of data that are commonly used as a unique anonymous identifier. These are sent to your browser from the website you visit and stored on your computer’s hard drive. Some cookies and other technologies help sites and apps understand how their visitors engage with their services. For example, Google Analytics uses a set of cookies to collect information and report site usage statistics without personally identifying individual visitors to Google. ‘_ga’, the main cookie used by Google Analytics, enables a service to distinguish one visitor from another and lasts for 2 years. Any site that implements Google Analytics, including Google services, uses the ‘_ga’ cookie. Each ‘_ga’ cookie is unique to the specific property, so it cannot be used to track a given user or browser across unrelated websites.

Our Website uses these cookies to collect information and to improve our Website. For third-party cookies you have the option to either accept or refuse these cookies and know when a cookie is being sent to your computer. If you choose to refuse our cookies, you may not be able to use some portions of our Website.

14 Will this privacy policy ever change?

We may amend this Privacy Policy from time to time. We would do that to reflect any changes to our use of your Personal Data or to comply with changes in the law.

Wherever practicable, we will inform you by email of any significant changes. However, we also encourage you to reread this Privacy Policy periodically to stay up to date and informed about how we use your Personal Data.