The Chain Limited - Data Processing Notice


This notice sets out how The Chain Limited ("TCL") process data on individuals, clients and service providers that TCL interacts with.

About us

TCL is a provider of information security services, incorporated and based in Guernsey, company no. 52604.

Data we hold

We process data in order to provide information security assurance and advisory services. The types of data we collect and process includes:

Purposes of processing


Lawful basis

To enter into client relationships and provide information security services

  • The legitimate interest of The Chain Limited as a provider of information security services to process personal data for the purpose of providing those services
  • In order to support legal proceedings
  • To fulfil a contract we have entered into to provide information security services

To ensure the security of TCL premises, systems and staff

The legitimate interests of TCL in preventing and detecting unauthorised access to its premises, systems and data

To provide evidence in support of audits and other reviews

The legitimate interests of TCL in providing information security assurance and advisory services, to ensure it meets legal, regulatory and ethical obligations

Sources and recipients of data

Sources include clients, service providers, or open-source material. Potential recipients include:

All data is held within the EU, UK or Channel Islands.

Rights of data subjects

Data subjects for whom TCL holds data may have rights in respect of their personal data. To exercise those rights, including withdrawal of consent, right of access, or to update, correct or erase data, data subjects should send requests to

Retention and destruction of data

TCL only retains data for as long as necessary to fulfil the purpose for which it was collected. Primary retention controls include:

Destruction is subject to the exception where data cannot be removed for legal, regulatory or technical reasons.

Changes to this privacy notice

This notice will be updated from time to time and published on our website at This notice was last updated on 18th May 2021.