PRIVACY POLICY
Effective Date: 1 January 2026 Last Updated: 1 January 2026
Company: CRE Global
Website: https://creglobal.eu
Contact: info@creglobal.eu
1. WHO WE ARE
CRE Global is an international digital asset recovery and blockchain intelligence firm specialising in cryptocurrency fraud investigations, scam tracing, and asset recovery services. We operate across Europe and internationally, providing investigative, analytical, and advisory services to individuals and businesses who have suffered losses as a result of cryptocurrency fraud or digital asset theft.
When we refer to “CRE Global”, “we”, “us”, or “our” in this Privacy Policy, we are referring to CRE Global and all services provided through our website at https://creglobal.eu
We are the Data Controller for all personal data collected through this website and our services, as defined under the General Data Protection Regulation (EU) 2016/679 (GDPR).
For all privacy-related enquiries, please contact us at: ๐ง info@creglobal.eu ๐ https://creglobal.eu
2. OUR COMMITMENT TO YOUR PRIVACY
We understand that the individuals who contact CRE Global are often in a position of significant vulnerability. They have experienced financial fraud, suffered substantial losses, and are placing a high level of trust in our firm. The personal information they share with us โ including details of their financial situation, the nature of the fraud they experienced, and the evidence they hold โ is among the most sensitive data we could be entrusted with.
We make the following commitments to every individual whose data we process:
- We will never sell, rent, or commercially exploit your personal data
- We will never share your data with any third party without your explicit knowledge and consent, except where legally required
- We will hold your data only for as long as is necessary and legally required
- We will protect your data using industry-standard security measures at all times
- We will be fully transparent about what data we collect, why we collect it, and what we do with it
- We will always respect and facilitate your rights as a data subject under the GDPR
3. WHAT PERSONAL DATA WE COLLECT
Depending on how you interact with our website and services, we may collect and process the following categories of personal data:
3.1 Data You Provide Directly
Contact and Identity Data:
- Full name
- Email address
- Country of residence
- Preferred contact method
Case-Related Data:
- Type of fraud experienced
- Approximate financial amount lost
- Date and timeframe of the fraud
- Detailed description of the fraud or incident
- Wallet addresses and transaction IDs
- Names of platforms, individuals, or entities involved in the fraud
- Screenshots, documents, and other evidence files submitted
- Any other information voluntarily provided in connection with your case
Communication Data:
- All correspondence between you and CRE Global via email, contact forms, or other channels
3.2 Data Collected Automatically
When you visit our website, we may automatically collect certain technical data including:
- IP address
- Browser type and version
- Operating system
- Referring website
- Pages visited and time spent on each page
- Date and time of your visit
- Device type and screen resolution
3.3 Cookies and Tracking Data
We use cookies and similar tracking technologies on our website. Please refer to our Cookie Policy (Section 13) for full details of the cookies we use and how to manage your preferences.
4. HOW WE USE YOUR PERSONAL DATA
We process your personal data only where we have a lawful basis to do so under the GDPR. The following table explains how we use your data and the legal basis for each use:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Responding to your case enquiry | Name, email, case details | Legitimate interests / Pre-contractual steps |
| Providing investigation and recovery services | All case-related data | Performance of contract |
| Conducting blockchain trace and analysis | Wallet addresses, transaction IDs | Performance of contract |
| Communicating with law enforcement or authorities | Case data (with your knowledge) | Legal obligation / Legitimate interests |
| Sending case updates and correspondence | Name, email | Performance of contract |
| Improving our website and services | Technical / analytics data | Legitimate interests |
| Complying with legal and regulatory obligations | All relevant data | Legal obligation |
| Preventing fraud and ensuring security | Technical data | Legitimate interests |
We will never use your personal data for automated decision-making or profiling that produces legal or similarly significant effects without your explicit consent.
5. SENSITIVE AND SPECIAL CATEGORY DATA
Given the nature of our services, some of the information you share with us may constitute special category data under Article 9 of the GDPR, or may be particularly sensitive in nature. This includes:
- Financial data and details of financial losses
- Information that may relate to criminal activity or victimisation
- Information that may indirectly reveal your financial situation, personal relationships, or other sensitive matters
We process this data strictly on the basis of:
- Your explicit consent, provided when you submit a case enquiry or engage our services
- The establishment, exercise, or defence of legal claims where applicable
- Substantial public interest in the prevention and investigation of financial crime
We apply the highest level of care, security, and confidentiality to all sensitive data we handle.
6. WHO WE SHARE YOUR DATA WITH
We treat your personal data with the utmost confidentiality. We do not sell, rent, or trade your personal data under any circumstances. We may share your data with the following categories of third parties only where strictly necessary and with appropriate safeguards in place:
6.1 With Your Explicit Consent
- Law enforcement agencies and financial crime units
- Regulatory authorities and financial supervisory bodies
- Cryptocurrency exchanges (for the purpose of asset freeze requests)
- Legal counsel and external lawyers acting on your case
6.2 Service Providers (Data Processors)
We engage a limited number of trusted third-party service providers who process data on our behalf under strict data processing agreements:
- Web hosting providers โ for website infrastructure and security
- Email service providers โ for secure case correspondence
- Analytics providers โ for anonymised website analytics
- IT security providers โ for cybersecurity and data protection
All service providers are contractually required to process your data only on our instructions, maintain appropriate security measures, and comply fully with the GDPR.
6.3 Legal Requirements
We may disclose your personal data where required to do so by applicable law, court order, or regulatory authority. Where possible and legally permitted, we will notify you before making such a disclosure.
6.4 Business Transfers
In the event of a merger, acquisition, or sale of CRE Global, your personal data may be transferred to the acquiring entity. We will notify you in advance of any such transfer and ensure that your data remains protected under equivalent standards.
7. INTERNATIONAL DATA TRANSFERS
CRE Global operates primarily within the European Economic Area (EEA). In certain cases, the nature of a blockchain investigation may require us to share data with partners, exchanges, or authorities located outside the EEA โ for example, in connection with cryptocurrency exchanges registered in third countries.
Where we transfer personal data outside the EEA, we ensure that appropriate safeguards are in place, including:
- Adequacy decisions by the European Commission
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Binding Corporate Rules where applicable
We will never transfer your data to a third country without ensuring that an appropriate level of protection is in place and without informing you in advance.
8. HOW LONG WE KEEP YOUR DATA
We retain your personal data only for as long as is necessary for the purposes for which it was collected, or as required by applicable law. The following retention periods apply:
| Data Type | Retention Period | Reason |
|---|---|---|
| Case enquiry data (no engagement) | 12 months | Follow-up and audit purposes |
| Active case data | Duration of case + 5 years | Legal proceedings and compliance |
| Completed case data | 5 years after case closure | Legal claims and regulatory requirements |
| Financial and billing records | 7 years | EU accounting and tax law |
| Website analytics data | 26 months | Industry standard |
| Email correspondence | 5 years | Legal protection and audit trail |
| Cookie data | As per Cookie Policy | See Section 13 |
After the applicable retention period, your data will be securely deleted or anonymised in accordance with our internal data destruction procedures.
9. YOUR RIGHTS UNDER THE GDPR
As a data subject under the GDPR, you have the following rights in relation to your personal data. We are committed to facilitating the exercise of these rights promptly and without unnecessary delay:
9.1 Right of Access
You have the right to request a copy of all personal data we hold about you, along with information about how it is being processed.
9.2 Right to Rectification
You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
9.3 Right to Erasure
You have the right to request the deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you withdraw consent, or where you object to processing. This right is subject to our legal obligations to retain certain data.
9.4 Right to Restriction of Processing
You have the right to request that we restrict the processing of your personal data in certain circumstances โ for example, while a dispute about accuracy is being resolved.
9.5 Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, machine-readable format and to request that it be transmitted to another data controller where technically feasible.
9.6 Right to Object
You have the right to object to the processing of your personal data where it is based on legitimate interests, including for direct marketing purposes.
9.7 Right to Withdraw Consent
Where we process your data on the basis of consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
9.8 Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects, unless you have given explicit consent or it is necessary for a contract.
To exercise any of these rights, please contact us at: ๐ง info@creglobal.eu
We will respond to all requests within 30 days of receipt. In complex cases, we may extend this period by a further two months, in which case we will notify you within the initial 30-day period.
10. DATA SECURITY
We implement comprehensive technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, destruction, alteration, or disclosure. Our security measures include:
- Encryption of all data in transit using TLS/SSL protocols
- Encrypted storage of all case-related and sensitive data
- Access controls โ data is accessible only to authorised team members on a need-to-know basis
- Regular security audits and vulnerability assessments
- Secure email communications for all case correspondence
- Staff training on data protection and confidentiality obligations
- Incident response procedures in the event of a data breach
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, and will notify you directly without undue delay where the breach is likely to result in a high risk to your rights.
11. CHILDREN’S DATA
Our services are not directed at or intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data without appropriate parental consent, please contact us immediately at info@creglobal.eu and we will take prompt steps to delete that data.
12. LINKS TO THIRD-PARTY WEBSITES
Our website may contain links to third-party websites, resources, or services. This Privacy Policy applies only to our website and services. We are not responsible for the privacy practices of any third-party websites and encourage you to review the privacy policies of any external sites you visit.
13. COOKIE POLICY
What Are Cookies?
Cookies are small text files placed on your device when you visit a website. They allow the website to recognise your device and store certain information about your preferences or past actions.
Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential Cookies | Required for the website to function correctly โ login, security, form submission | Session |
| Analytics Cookies | Track anonymised visitor behaviour to help us improve the website | 26 months |
| Preference Cookies | Remember your language and display preferences | 12 months |
| Marketing Cookies | Track visits to support relevant advertising (only if enabled) | 90 days |
Managing Your Cookie Preferences
When you first visit our website, you will be presented with a cookie consent banner allowing you to accept, reject, or customise your cookie preferences. You can change your preferences at any time by clicking the Cookie Settings link in the footer of our website.
You can also control cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.
14. COMPLAINTS
If you have any concerns about how we handle your personal data, we encourage you to contact us first so we can address your concerns directly:
๐ง info@creglobal.eu
If you are not satisfied with our response, you have the right to lodge a complaint with your national data protection supervisory authority. If you are located in the EU, you can find your local supervisory authority at: ๐ https://edpb.europa.eu/about-edpb/about-edpb/members_en
15. CHANGES TO THIS PRIVACY POLICY
We reserve the right to update this Privacy Policy at any time to reflect changes in our practices, legal requirements, or operational procedures. When we make material changes, we will:
- Update the “Last Updated” date at the top of this page
- Display a prominent notice on our website
- Where appropriate, notify you directly by email
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data. Your continued use of our website and services after any changes constitutes your acceptance of the updated policy.
16. CONTACT US
For any questions, concerns, or requests relating to this Privacy Policy or our data protection practices, please contact us:
CRE Global ๐ https://creglobal.eu ๐ง info@creglobal.eu ๐ Operating across Europe
This Privacy Policy was prepared in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable European data protection law. It is intended to provide comprehensive transparency about our data processing activities and to fully protect the rights of our clients and website visitors.