Last updated: December 6, 2022
These Privacy Disclosures for the European Economic Area (EEA) and the United Kingdom (UK) supplement the Chainalysis Privacy Policy, the latter of which describes the Personal Data that we collect, the sources from which we collect it, the purposes for which we use it, the limited circumstances under which we share Personal Data, and with whom we share it. These additional disclosures are made in accordance with European and UK law, including the European General Data Protection Regulation (GDPR) and the UK GDPR. Terms that are not defined here have, unless otherwise indicated, the meanings set forth in our Privacy Policy. If you are based elsewhere in the world this Disclosure does not apply to you.
The European GDPR and the UK GDPR require us to have a legal basis for processing Personal Data about you. Depending on the Personal Data and data processing activities at issue, the legal bases upon which we rely may include:
To the extent that we rely on your consent, we will not invoke another legal basis. Further details on when we collect Personal Data, what we collect, as well as how and why we use it, are set out in our Privacy Policy and below.
Registering Customers
When you register with us to receive our Services (such as our web-based services, the Chainalysis Academy, our forum, and our conferences and webinars), we may process your contact details; credit card information (when you make a purchase); professional information such as your role and company name; IP address and device information; and transaction information such as purchase and subscription information or courses that you follow. We ask for this data to create and manage your account with us; to communicate with you about your account; and, to provide you with the Service. We may rely on your consent, our legitimate interests, and/or the fulfillment of a contractual obligation as the lawful basis for processing your Personal Data. Our legitimate interests are to provide you with the Service you have requested and to ensure we deliver the Service with the appropriate quality.
Providing Our Services
When you use the Service, or when we provide our Service, we may process your contact details; professional information such as your role and company name; the login and connection information used to enable the Service; your educational information (when you sign up to the Chainalysis Academy or for any conferences or webinars); your IP address and device information; Chainalysis forum posts (where applicable); feedback to us; or Chainalysis customer support interactions. We process this Personal Data to operate or provide the Service; to carry out security checks; to fulfill our commitments to you; to contact you about your use of the Service; and, to generally improve the quality of the Service. We may rely on legitimate interests and/or the fulfillment of a contractual obligation as the legal basis for processing your Personal Data. Our legitimate interests are to provide you with the Service that you or your company have requested appropriately.
Providing the Service to You if You Are an Agent or an End User
Regarding your capacity as an end user of Chainalysis products or services, we may process your contact details; professional information such as your role and company name; the login and connection information used to enable the Service; your educational information (when you sign up to the Chainalysis Academy or for any conferences or webinars); your IP address and device information; and Chainalysis forum posts (where applicable). We ask for this Personal Data to create and manage your account with us; to communicate with you about your account; and, to provide you with the Service. We may rely on legitimate interests and/or the fulfillment of a contractual obligation as the legal basis for processing your Personal Data. Our legitimate interests are to provide you with the Service you or your company have requested appropriately.
Marketing Operations
We may process your contact details and your marketing preferences to provide you with marketing if we think you will be interested in our Service or if you sign up to receive marketing from us, such as signing up for webinars and conferences. We always carry out marketing activities based on your consent or opt-in if legally required. Otherwise, we may rely on legitimate interests and/or the fulfillment of a contractual obligation as the legal basis for processing your Personal Data. We may rely on implied consent or opt-in in some circumstances, such as if you previously contacted us about our products and Services, subscribed to our Services, declined to opt out of marketing, etc. See the section on “Marketing Communications” in our Privacy Policy for additional information.
Addressing Fraud and Security Threats
To prevent and detect fraud and unauthorized access to our customers’ accounts or the Services and our systems, we may process contact details; professional information such as your role and company name; the login and connection information used to enable the Service; your IP address and device information. We rely on our legitimate interests to minimize fraud and security issues and/or the fulfillment of a contractual obligation as a legal basis to use this Personal Data.
Compliance Requirements
To conduct security and identity checks, and to comply with other legal and regulatory requirements for screening individuals, we may process contact details; professional information such as your role and company name; the login and connection information used to enable the Service; your IP address and device information; and transaction information. We use this Personal Data to carry out identity and credit checks and address other Know Your Customer (KYC) and compliance obligations. We rely on our legitimate interests and our need to comply with legal obligations to process this information.
Analytics
To monitor how our customers and users use the Chainalysis website and the Service, and make improvements or modifications to them, we may process your IP address, device information and transaction information, and other user activity data. We rely on your consent when such Personal Data is collected via non-essential cookies if required by law, and also our legitimate interests to deliver and improve our products and services, as our legal bases.
Subject to applicable law, including relevant exemptions and exceptions, you may have the following rights concerning your Personal Data.
These rights do not apply to non-UK and non-EEA citizens, nor do they apply to anonymized data or data that does not otherwise constitute Personal Data. If you are an individual based in the UK or the EEA and you would like to exercise any of these rights described above, please email [email protected] with proof of your identity and address and describe what right you want to exercise and the information to which your request relates. To the extent permitted by applicable law, a charge may apply before we provide you with a copy of any of your Personal Data that we maintain.
To the extent required under applicable law, we will respond to you within 30 days to let you know that we have complied with the request, to ask for further information or an extension of time, or to explain why are not able to comply with the request. If you do not agree with our decision, then you can make a complaint as outlined below.
We hope that we can resolve any concerns you may have about our use of your Personal Data. However, if we are unable to resolve your query to your satisfaction, then you may exercise your right to file a complaint with a supervisory authority.
Our lead supervisory authority is the Danish Data Protection Agency (Datatilsynet) in Denmark. Their contact information can be found here.
Please contact us if you have any questions about this Policy or the Personal Data we hold about you by email at [email protected] or by postal mail at:
Chainalysis Inc.
ATTN: Head of Privacy
114 5th Avenue, 18th Floor
New York, NY 10011