Confidentiality & Privacy

Confidentiality and Privacy Information for Kraken Open Source Investigations At Kraken Open Source Investigations, we are committed to safeguarding your privacy and ensuring the confidentiality of the information we handle. Our Open-Source Intelligence (OSINT) investigations practice is guided by publicly available data, but we acknowledge the critical role of privacy and data protection laws. Here's our approach to privacy: Confidentiality Data Handling: All data we collect, process, or analyze is treated with the highest level of confidentiality. Non-public data involved in our investigations is protected by robust security measures. Client Confidentiality: Client information shared with us remains confidential, shared only with explicit client permission or as legally required. Privacy Practices Data Minimization: We limit data collection to what's strictly necessary for our investigations. Consent: We seek consent where it's required for processing personal data, ensuring transparency and fairness. Security Measures: We enact suitable technical and organizational security protocols to safeguard against unauthorized access, disclosure, or data alteration. Compliance with Legal Standards We adhere to the following legal frameworks: United States: Federal Data Privacy Laws: Compliance with HIPAA for health data, GLBA for financial data, where appropriate. State-Specific Regulations: We follow state laws like the CCPA, where applicable. U.S. Department of Homeland Security Privacy European Union: General Data Protection Regulation (GDPR): Our practices align with GDPR when dealing with EU citizens' data, emphasizing data protection by design, rights of data subjects, and breach notifications. Official GDPR Portal European Commission - Data Protection The Netherlands: Dutch Data Protection Authority (Autoriteit Persoonsgegevens): We comply with Dutch data protection laws, which are in line with GDPR, ensuring we meet the stringent requirements for data processing within the Netherlands. Dutch Data Protection Authority Current OSINT Laws United States: The latest guidelines from the Office of the Director of National Intelligence (ODNI) aim to standardize OSINT practices and encourage collaboration with the private sector. ODNI OSINT Guidelines European Union: OSINT activities must respect GDPR, with additional regional regulations potentially affecting practice. Public interest, privacy rights, and ethical considerations are key. The Netherlands: While primarily governed by GDPR, there's an emphasis on ethical OSINT practices, with specific guidelines for law enforcement and public interest investigations. Your Rights You have rights under privacy laws including: Access to your data Correction of inaccuracies Erasure of data ('right to be forgotten') Restriction of processing Data portability Objection to processing Right not to be subject to automated decision-making For more information on how to exercise these rights, please contact us. Updates and Contact We regularly update our practices to reflect legal changes or technological advances. For privacy inquiries or to exercise your data rights: Email us at: KrakenOSI@protonmail.com Feedback We appreciate feedback on our privacy practices. Please share any concerns or suggestions with us.