GDPR Compliance

Last Updated: January 15, 2025

Effective: February 1, 2025

At FalconBlockchain, we are committed to protecting the privacy and rights of individuals in the European Union (EU) and European Economic Area (EEA). This GDPR Compliance Statement outlines our approach to data protection in accordance with the General Data Protection Regulation (GDPR) and its 2025 amendments.

2025 GDPR Enhancement Compliance

This policy has been updated to comply with the 2025 GDPR enhancements, including new provisions for AI systems, blockchain technologies, and enhanced cross-border data transfer requirements. We've implemented additional safeguards and expanded data subject rights accordingly.

1. Data Controller

FalconBlockchain acts as a data controller for personal data collected through our website and services. Our contact details are:

FalconBlockchain

123 Tech Avenue

San Francisco, CA 94105

United States

Email: dpo@falconblockchain.com

2. Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this policy, including any requests to exercise your legal rights, please contact the DPO at dpo@falconblockchain.com.

3. Legal Basis for Processing

We process personal data on the following legal bases:

  • Consent: Where you have given clear consent for us to process your personal data for a specific purpose.
  • Contract: Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
  • Legal Obligation: Where processing is necessary for compliance with a legal obligation to which we are subject.
  • Legitimate Interests: Where processing is necessary for our legitimate interests or the legitimate interests of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.

4. Your Rights Under GDPR

Under the GDPR, you have the following rights:

  • Right to Access: You have the right to request copies of your personal data.
  • Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
  • Right to Erasure: You have the right to request that we erase your personal data, under certain conditions.
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions.
  • Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
  • Rights Related to Automated Decision Making and Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
  • Right to Withdraw Consent: You have the right to withdraw your consent at any time where we are relying on consent to process your personal data.

5. AI Systems and Automated Decision-Making

In compliance with the 2025 GDPR AI provisions, we provide the following information about our AI systems and automated decision-making:

  • We use AI systems for business process automation, customer support, and personalized recommendations
  • For high-risk AI applications, we conduct mandatory data protection impact assessments and maintain human oversight
  • You have the right to opt out of automated decision-making that produces legal or similarly significant effects
  • You have the right to an explanation of AI-driven decisions affecting you and to contest such decisions
  • We maintain documentation on AI system logic, significance, and envisaged consequences of processing for data subjects

6. Blockchain and GDPR Compliance

We recognize the unique challenges of reconciling blockchain technology with GDPR requirements. Our approach includes:

  • Implementing privacy-by-design principles in our blockchain solutions, including data minimization and pseudonymization
  • Using off-chain storage for personal data where possible, with on-chain references being pseudonymized or encrypted
  • Employing technical solutions such as zero-knowledge proofs and secure multi-party computation where appropriate
  • Providing alternative mechanisms to honor data subject rights for blockchain data, in accordance with the 2025 GDPR Blockchain Guidelines

7. International Data Transfers

We may transfer your personal data to countries outside the EU/EEA. When we do so, we ensure appropriate safeguards are in place in accordance with the GDPR and the 2025 Cross-Border Data Transfer Framework, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Binding Corporate Rules (BCRs)
  • Adequacy decisions by the European Commission
  • Additional technical and organizational measures as required by the 2025 Cross-Border Data Transfer Framework

8. Data Breach Notification

In the event of a personal data breach, we will notify the relevant supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of the breach, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons.

If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay.

9. Data Protection Impact Assessment

We conduct Data Protection Impact Assessments (DPIAs) for processing operations that are likely to result in a high risk to the rights and freedoms of natural persons, particularly when using new technologies or when processing sensitive data on a large scale.

10. Contact and Complaints

If you have any concerns about our data processing activities, please contact our DPO in the first instance. You also have the right to make a complaint at any time to a supervisory authority. The supervisory authority in your EU member state can be found on the European Data Protection Board website.