Privacy & Confidentiality

Our Commitment to Privacy
 

At Kraken Open Source Investigations (KrakenOSI), we are fully committed to protecting the privacy and confidentiality of our clients. As an EU-based firm operating in the Netherlands, we adhere strictly to the General Data Protection Regulation (GDPR) and maintain the highest ethical standards in all our open source intelligence activities.

​

This policy explains how KrakenOSI handles personal information:

 

Main Content

 

KrakenOSI as Data Controller
 

Kraken Open Source Investigations (KrakenOSI) is the data controller responsible for the personal data processed in connection with the services provided.
 

Location: Netherlands (EU).
 

Contact: KrakenOSI@protonmail.com

 

No Data Protection Officer (DPO) has been appointed, as the processing activities do not meet the criteria requiring one under GDPR (core activities do not involve large-scale processing of sensitive data or large-scale systematic monitoring).

 

Personal Data Collected
 

KrakenOSI collects only the minimum personal data necessary:

• Contact details (name, email address, company name, telephone if provided) supplied when inquiring about or engaging services.

• Any additional information voluntarily shared during consultations or retainer agreements.

 

KrakenOSI does not collect sensitive (special category) personal data such as racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data, except where strictly required by law or with explicit consent and appropriate safeguards.

 

Purposes and Lawful Basis for Processing
 

KrakenOSI processes personal data for the following purposes and on these lawful bases:

• To provide competitive intelligence, competitor profiling, monitoring, benchmarking, regulatory intelligence, and related strategic services- based on contract performance or steps taken at the request of the data subject prior to entering a contract.

• To communicate about engagements, deliverables, and inquiries- based on legitimate interests or contract.

• To comply with legal obligations (e.g., tax, accounting, or regulatory requirements).

 

Where processing relies on legitimate interests, KrakenOSI has assessed that these interests are not overridden by the rights and freedoms of the data subject.

 

Recipients of Personal Data
 

Personal data is not sold or rented. It may be shared only with:

• Trusted service providers (e.g., secure email or cloud storage providers) acting as processors under GDPR-compliant agreements.

• Legal or regulatory authorities when required by law.

 

No transfers of personal data to countries outside the EEA occur unless adequate safeguards (such as Standard Contractual Clauses) are in place.

 

Retention Period
 

Personal data is retained only as long as necessary for the purpose for which it was collected, to fulfill contractual obligations, or to meet legal requirements. Retention periods are determined by the nature of the engagement and applicable law. Data is securely deleted or anonymized when no longer needed.

 

Data Subject Rights

Under the GDPR, individuals have the following rights regarding their personal data held by KrakenOSI:

• Right of access

• Right to rectification

• Right to erasure (“right to be forgotten”)

• Right to restriction of processing

• Right to data portability

• Right to object to processing

• Right to withdraw consent at any time (where consent is the lawful basis) -withdrawal does not affect the lawfulness of processing before withdrawal

 

To exercise any of these rights, contact KrakenOSI here. KrakenOSI will respond without undue delay and within one month (extendable in complex cases). Individuals also have the right to lodge a complaint with the relevant supervisory authority in the Netherlands (Autoriteit Persoonsgegevens) or in their country of residence.

 

Automated Decision-Making and Profiling
 

KrakenOSI does not carry out automated decision-making or profiling that produces legal effects or similarly significant effects on individuals.

 

Confidentiality in Competitive Intelligence Work
 

All client engagements, reports, dashboards, and communications are handled with strict confidentiality. Open source intelligence activities rely exclusively on publicly available information and follow ethical standards, including the SCIP Code of Ethics. No covert or unlawful collection methods are used.

 

Security Measures
 

KrakenOSI implements appropriate technical and organizational measures to protect personal data, including secure email (ProtonMail), access controls, and encrypted storage where applicable.

​

US and Global Clients
 

KrakenOSI welcomes clients from the United States and around the world. As an EU-based company, KrakenOSI applies GDPR standards as the baseline for all personal data processing.

 

For clients or individuals in the United States (including California residents subject to the California Consumer Privacy Act (CCPA / CPRA)), KrakenOSI provides equivalent transparency and rights where applicable. KrakenOSI does not sell personal information. KrakenOSI does not share personal information for cross-context behavioral advertising.

 

If you are a California resident, you may exercise rights similar to those listed above by contacting KrakenOSI at KrakenOSI@protonmail.com. KrakenOSI will handle such requests in a timely manner consistent with applicable US state privacy laws.

 

For clients in other jurisdictions, KrakenOSI strives to meet relevant local privacy expectations while maintaining GDPR-level protections.

 

Updates to This Policy
 

KrakenOSI may update this Privacy Policy to reflect changes in practices or legal requirements.

 

The current version is effective April 2026. Continued use of services after changes constitutes acceptance of the updated policy.

​

Questions regarding this Privacy Policy or how KrakenOSI protects personal data?
 

Contact KrakenOSI here.

 

​