How We Protect Your Data

Chain Logic ("Company") processes personal data in accordance with the General Data ProtectionRegulation (EU) 2016/679 (GDPR) and applicable Dutch and international privacy legislation.

The Company may process:

• Identification data (name, title, employer, company details)
• Contact data (email address, phone number, business address)
• Contractual and billing data• Communication records and correspondence
• Technical data (IP address, device information, website analytics)
• Supplier and procurement-related data provided within the scope of services

Personal data is processed solely for:
‍
• Performance of consulting and advisory services
• Contract management and invoicing
• Compliance with legal obligations
• Risk management and internal governance
• Marketing communication (where consent applies)

Processing is based on contractual necessity, legal obligation, legitimate interest, or explicitconsent where required.

Data is retained only as long as necessary to fulfil contractual obligations and comply with statutoryretention periods.

Personal data may be shared with:
‍
• Professional advisers (legal, tax, audit)
• IT and hosting providers
• Regulatory authorities when legally requiredPersonal data is never sold.

Where data is transferred outside the EU/EEA, appropriate safeguards such as StandardContractual Clauses (SCCs) are implemented.

Appropriate technical and organisational measures are implemented, including access control,encryption where applicable, and confidentiality agreements with personnel and subcontractors.

Data subjects have the right to access, rectify, erase, restrict processing, object, request portability,and lodge a complaint with the Dutch Data Protection Authority.

Where Chain Logic acts as a data processor on behalf of a client, a separate Data ProcessingAgreement shall apply.