Privacy Policy

Last Updated: 15 May 2026

1. Introduction

International Digital Asset Association ("IDAA", "we", "us", or "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (idaa.uk) or use our services.

This policy is compliant with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

Data Controller: International Digital Asset Association

Company Number: 17223770 (England and Wales)

Registered Office: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ

Contact: compliance@idaa.uk

Data Processor: EXCH Consulting LLC (Wyoming, USA) processes data on behalf of IDAA under strict data processing agreements.

3. Information We Collect

3.1 Personal Data You Provide

We collect personal data that you voluntarily provide when you:

Submit a case through our case registry
Contact us via email
Subscribe to updates or newsletters
Apply for corporate membership
Download protocol documentation

This may include:

Data Type	Examples	Purpose
Contact Information	Name, email address, company name	Communication, case processing
Case Details	Transaction data, wallet addresses, service provider information	Case documentation and registry
Professional Information	Job title, organisation, industry sector	Membership processing, protocol development

3.2 Automatically Collected Data

When you visit our website, we automatically collect:

Technical Data: IP address, browser type, device information, operating system
Usage Data: Pages visited, time spent, referral sources, click patterns
Cookies: See Section 8 for detailed cookie information

4. Legal Basis for Processing

We process your personal data under the following legal bases:

Processing Activity	Legal Basis
Case registry and documentation	Consent (explicit consent for public cases)
Email communications	Consent
Membership processing	Contract performance
Website analytics	Legitimate interests (improving services)
Compliance and legal obligations	Legal obligation

5. How We Use Your Information

We use your personal data for the following purposes:

Case Processing: Document, review, and publish (with consent) cases in our public registry
Communication: Respond to inquiries, provide updates, send protocol documentation
Service Improvement: Analyse website usage, improve user experience, develop new features
Membership Management: Process applications, manage corporate memberships
Protocol Development: Incorporate feedback, develop standards, engage stakeholders
Legal Compliance: Comply with legal obligations, respond to regulatory requests
Security: Protect against fraud, abuse, and security threats

6. Data Sharing and Disclosure

6.1 Service Providers

We share data with trusted service providers who assist us in operating our website and services:

EXCH Consulting LLC: Operating partner, technical infrastructure
Web Hosting: Website hosting and content delivery
Email Services: Communication and newsletter delivery
Analytics: Website usage analysis and improvement

All service providers are bound by data processing agreements and process data only as instructed by IDAA.

6.2 Public Case Registry

Cases submitted to our public registry are published only with your explicit written consent. Published cases may include:

Case ID and status
Service provider information
Transaction details (anonymised or redacted as appropriate)
Regulatory escalation status

You have the right to withdraw consent and request case removal at any time.

6.3 Legal Requirements

We may disclose your data if required by law, regulation, legal process, or governmental request, including:

Compliance with court orders or subpoenas
Cooperation with law enforcement
Protection of IDAA's legal rights
Prevention of fraud or security threats

6.4 No Third-Party Marketing

We do not sell, rent, or share your personal data with third parties for their marketing purposes.

7. International Data Transfers

Your data may be transferred to and processed in countries outside the United Kingdom, including the United States (via EXCH Consulting LLC).

We ensure appropriate safeguards are in place:

Data Processing Agreements with service providers
Standard Contractual Clauses (SCCs) for transfers outside UK/EEA
Adequacy decisions where applicable

8. Cookies and Tracking Technologies

8.1 What Are Cookies?

Cookies are small text files placed on your device when you visit our website. They help us provide a better user experience and analyse website performance.

8.2 Cookies We Use

Cookie Type	Purpose	Duration
Essential Cookies	Website functionality, security	Session
Analytics Cookies	Website usage analysis, performance improvement	Up to 2 years
Preference Cookies	Remember your settings and preferences	Up to 1 year

8.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling cookies may affect website functionality.

9. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy:

Case Data: Retained for 7 years from case closure (regulatory and legal compliance)
Email Communications: Retained until you unsubscribe or request deletion
Membership Data: Retained for duration of membership plus 2 years
Website Analytics: Aggregated data retained indefinitely; individual data anonymised after 26 months

10. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

10.1 Right of Access

Request a copy of the personal data we hold about you.

10.2 Right to Rectification

Request correction of inaccurate or incomplete data.

10.3 Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data, subject to legal and regulatory obligations.

10.4 Right to Restrict Processing

Request limitation on how we use your data.

10.5 Right to Data Portability

Receive your data in a structured, machine-readable format.

10.6 Right to Object

Object to processing based on legitimate interests or direct marketing.

10.7 Right to Withdraw Consent

Withdraw consent for processing activities that rely on consent.

10.8 Exercising Your Rights

To exercise any of these rights, contact us at compliance@idaa.uk. We will respond within one month.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data:

Encryption of data in transit and at rest
Access controls and authentication
Regular security assessments
Employee training on data protection
Incident response procedures

While we strive to protect your data, no method of transmission over the internet is 100% secure. You provide data at your own risk.

12. Children's Privacy

Our website and services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, contact us immediately.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Material changes will be communicated via email or website notice.

14. Contact Us

For questions about this Privacy Policy or our data practices, contact:

International Digital Asset Association

Data Protection Contact: compliance@idaa.uk

71-75 Shelton Street, Covent Garden

London, United Kingdom, WC2H 9JQ

Company Number: 17223770

15. Supervisory Authority

You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe we have not handled your data appropriately.

Information Commissioner's Office (ICO)

Website: ico.org.uk

Helpline: 0303 123 1113