Privacy Policy
Who We Are
Digital Distillery s.r.o. is a consulting firm based in Slovakia, specializing in digital forensics and cryptocurrency recovery.
Our work involves handling complex cases of digital asset loss, cyber fraud, and online scams, often requiring deep investigation and analysis of personal and technical data.
We are committed to operating within the framework of applicable data protection laws and ensuring the privacy and security of our clients’ information at all times.
What This Policy Covers
This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal data in accordance with the General Data Protection Regulation (GDPR).
It applies to all interactions you have with us, including online, via email, or through document exchange, and encompasses both structured and unstructured data we receive or generate during our services.
Personal Data We Process
We may collect and process the following categories of personal data:
Identity data (e.g. full name, ID documents, KYC forms, passport numbers)
Contact details (e.g. email addresses, phone numbers, residential or business addresses)
Financial information (e.g. bank account records, cryptocurrency transactions, payment details)
Device and forensic data (e.g. wallet files, IP addresses, device metadata, file logs)
OSINT data (public information relevant to investigations, including social media and registry records)
Other case-related information, including communications, witness statements, and legal correspondence
How We Collect Data
Directly from our clients through forms, document submissions, and consultations
Via email or secure uploads of sensitive documents
From publicly accessible sources as part of open-source intelligence gathering (OSINT)
Through mandated forensic imaging and analysis during investigations
From cooperation with law enforcement, attorneys, or regulated bodies acting on behalf of a party
Lawful Basis for Processing
We process personal data under the following lawful bases:
The client’s explicit consent for one or more specific purposes (Article 6(1)(a))
Our legitimate interest in conducting lawful investigations and assisting in the recovery of digital assets (Article 6(1)(f)), especially when these interests are not overridden by data subject rights
Compliance with legal obligations, such as fraud reporting or anti-money laundering regulations
How We Use Personal Data
We use personal data for purposes including, but not limited to:
Conducting fact-finding investigations and evidence analysis
Recovering or locating lost or misappropriated digital assets
Preparing and submitting law enforcement complaints, legal affidavits, or forensic reports
Internal auditing, security logging, and case documentation
Communicating with clients, stakeholders, legal professionals, and support providers involved in the matter
Sharing Personal Data
We may share data:
With verified subcontractors, consultants, or data processors bound by data protection agreements
With public authorities, legal enforcement, and relevant regulators as required or permitted by law
With technology service providers (e.g. GDPR-compliant SharePoint, encryption tools, forensic software) who help us store or manage data securely
International Data Transfers
If we need to transfer data to countries outside the EEA, we will:
Use EU Standard Contractual Clauses (SCCs) where appropriate
Seek and record the explicit consent of the data subject for specific transfers
Evaluate risk and ensure that appropriate safeguards are in place, as per GDPR Article 49
Data Retention
We retain personal data for no longer than is necessary for the purposes for which it was collected. Retention periods may vary based on the type of data and the legal requirements applicable to forensic or financial investigations. All data is reviewed periodically and securely deleted when no longer required.
Your Rights Under GDPR
You have the right to:
Request access to your personal data and obtain a copy
Rectify inaccurate or incomplete data
Request erasure (‘right to be forgotten’), under certain conditions
Restrict or object to processing based on your situation
Receive your data in a portable format when applicable
Lodge a complaint with a relevant Data Protection Authority (e.g. Slovak DPA or one in your country of residence)
How to Contact Us
For queries or to exercise my rights under POPIA, I may contact:
Digital Distillery s.r.o.
The Data Protection Officer
[email protected]
We may update this policy from time to time. Material changes will be communicated to clients and partners via email or our website. We encourage you to review this policy periodically to stay informed about how we protect your data.