Privacy Policy

The Crypto Fraud and Asset Recovery Network Limited ("CFAAR"/"we"/“us”/"our") is committed to protecting and respecting your personal information.

This Privacy Notice (“Notice”) (together with and any other documents referred to herein) sets out the basis on which the personal data collected from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our practices regarding your personal data and how we will treat it. We are required under the applicable data protection legislation, including the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018 to notify you of the information set out in this Notice.

We may update this Notice from time to time and you can access the most up to date version of this Notice on the CFAAR website at www.cfaar.co.uk ("Website"). This Notice was updated in May 2023. Your continued use of the services and the Website shall be deemed your acceptance of the varied Notice.

ABOUT US

CFAAR is registered as a data controller with the Information Commissioner's Office (ICO) under registration number ZB555230. This means that as a data controller, we are responsible for the means and purpose of how we use personal information we collect about you.

The CFAAR network brings together experts in crypto disputes and advisory roles to provide in-person or virtual events, seminars, webinars, and information sessions (Events) to you.

CFAAR was founded by Asset Reality, Essex Court Chambers, Grant Thornton, Osborne Clarke, Rahman Ravelli, RPC, Stewarts, and Twenty Essex (“Founder Members”).

This Notice applies to the processing of personal information provided to us by individuals for these individuals to register interest in and/ or be a member of the CFAAR network. References throughout to "you" or "your" in this Notice are references to those individuals.

YOUR PERSONAL INFORMATION

Information we collect from you

We will obtain your personal information directly from you. We collect and process some or all of the following types of information from you in the course of your use of the Website or when registering you for our Events:

Contact information that you provide by filling in forms on the Website for general enquiries or as part of the registration process. Such personal information may include your name, title, job title, the organisation you work for, country, your personal or work contact details (whichever you choose to volunteer) and any other information you choose to provide when using the Website or in attending an Event.
We may also ask you for information when you report a problem with the Website or in relation to an Event.
Payment information, such as bank card number, expiration date and security code.
If you contact us, we may keep a record of that correspondence.
We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
Your marketing preferences, should you choose to subscribe to our mailing list for future Events or to hear more from us.
Information about whether you open our emails or click any of the links in the emails we send to you.
Your photograph or recorded image, including any photographs or recordings of you at an in person or online CFAAR event – (although we will always make your aware of recording beforehand, so you will have the opportunity to object or avoid being recorded).
The times and dates you enter office buildings where an Event is hosted.
CCTV footage of you in office buildings.
Information about your dietary and accessibility requirements when you attend one of our catered Events.

The Website is not intended for children and we do not knowingly collect data relating to children.

The provision of your name, email address, name of your organisation and country is required from you to enable us to register you for our Events. We will inform you at the point of collecting information from you, whether you are required to provide the information to us.

The Website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Website, we encourage you to read the privacy policy of every website you visit as the personal information they process about you may differ.

RPC, one of the Founding Members is largely responsible for the management of Events and mailing lists. Details of their Privacy Notice can be found here – https://www.rpc.co.uk/privacy-notices/client-and-third-party-privacy-notice-uk/.

USES MADE OF YOUR INFORMATION

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose/Activity	Type of data	Lawful basis for processing including basis of legitimate interest
To register you as a new member	Contact details	Performance of a contract with you
To process any orders including to manage payments, membership fees and charges	Payment information and contact details	Performance of a contract with you
To manage our relationship with you which will include: (a) Notifying you about changes to our terms or privacy policy (b) Asking you to leave a review or take a survey	Contact details	(a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and to study how members use our services)
To administer and protect our business and this Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)	Contact details, technical information such as an IP address	(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation
To deliver relevant website content to you and measure or understand the effectiveness of the content we serve to you	Contact details, technical information and marketing preferences	(a) Consent where you have subscribed/ opted to our mailing list to hear more from us (b) Necessary for our legitimate interests (to study how members use our services, to develop them, to grow our business and to inform our marketing strategy)
To make suggestions and recommendations to you about Events or services that may be of interest to you	Contact details and marketing preferences	(a) Consent where you have subscribed/ opted to our mailing list to hear more from us (b) Necessary for our legitimate interests (to develop our services and grow our business)

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Marketing

In addition to the above uses we may use your information (and, where you have consented, permit selected third parties to use your information), to notify you about Events or services which may be of interest to you. Where we do this, we will contact you by electronic means (e-mail or SMS) only if you have consented to such communication. If you do not want us to use your personal information in this way please either (i) tick the relevant box situated on the form on which we collect your personal information (for example, the registration form); (ii) unsubscribe from our electronic communications using the method indicated in the relevant communication; or (iii) inform us at any time by contacting us at the contact details set out below.

SHARING YOUR INFORMATION

We may share your personal information with our Founder Members and other associated organisations for the purposes of completing tasks related to the operation of CFAAR, facilitating Events and providing other services to you on your behalf.

We may disclose your personal information to any member of our corporate group or a Founding Member, which means our subsidiaries, our ultimate holding company and its subsidiaries or within group businesses, as defined in section 1159 of the UK Companies Act 2006 (where applicable).

We may also disclose your personal data to third parties:

in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets; or
if we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets; or
if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms of Sale and Website Terms and Conditions; or
to protect our rights, property, or safety or that of our affiliated entities and our users and any third party we interact with the to provide the Website;
in relation to selected third parties only, only to the extent that you have consented to such selected third parties notifying you about certain services, which may be if interest to you;
our auditors or external financial or legal advisers;
regulatory authorities, government authorities and/ or law enforcement officials, if mandated by law or if needed for the protection of our legitimate interest in compliance with applicable laws; and
our suppliers, business partners, sub-contractors or business support service providers (including IT service providers, cloud platform service providers, reception staff and carters at venues used to host Events).

Other than as set out above, and save insofar as is necessary in order for us to carry out our obligations arising from any contracts entered into between you and us, we will not share your data with third parties unless we have procured your express consent to do so.

The data that we collect from you when you register to attend an Event or for any other services may be shared with others where required and transferred to, and stored at, a destination outside the United Kingdom and/or the European Economic Area ("EEA"). This may be where we share data with the Founding Members and others within the network, as required. Data may also be processed by staff or third party suppliers..

In the event your data is transferred to a country without an adequacy decision from the United Kingdom, any such transfer will be subject to standard contractual clauses approved by the United Kingdom’s Information Commissioner’s Office and any other appropriate safeguards which may be applicable to such transfers.

How long we keep your personal data

We will keep your personal information for no longer than is necessary for the purposes for which we process it. We determine appropriate retention periods for your personal information by considering the amount, nature and sensitivity of the information and the purposes for which we process your personal information and whether we can achieve those purposes through other means. We may also be required to retain your personal information by law or to comply with our regulatory obligations.

We may retain personal information for a short time beyond the specified retention period, to allow for information to be reviewed and any disposal to take place. Alternatively, if you are on a marketing list, we may retain your basic personal information within a suppression list should you choose to terminate your CFAAR membership.

If you would like further information, please contact us (see ‘Contact’ below).

YOUR RIGHTS

You have a number of important rights in relation to your personal information. In summary, those include rights to:

access to your personal data in certain situations and to certain other supplementary information that this Notice is already designed to address;
require us to correct any mistakes in your information which we hold;
require the erasure of personal data concerning you in certain situations;
receive the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations;
object at any time to processing of personal data concerning you for direct marketing;
object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you;
object in certain other situations to our continued processing of your personal data;
otherwise restrict our processing of your personal data in certain circumstances; and
ask us to stop marketing to you – you can exercise this right by ticking the relevant boxes on the forms we use or messages we send you where there will be an unsubscribe or opt out box to tick.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.

If you would like to exercise any of those rights, please:

email using the details provided below;
let us have enough information to identify you (e.g. name, registration details); and
let us know the information to which your request relates.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

CONTACT

All questions, comments and requests regarding this Notice or how we handle your personal information should be addressed to cfaar@rpc.co.uk or CFAAR, RPC, Tower Bridge House, St Katharine's Way, E1W 1AA. If you are not happy with our response, you can contact the ICO at www.ico.org.uk.