Privacy Policy

Effective Date: November 25, 2025

1. Introduction

This Privacy Policy outlines how verifinder.pro (hereinafter “We”, “Service”, or “Agency”) collects, processes, and protects personal data. We operate not merely as a data aggregator but as a fully licensed European Detective Agency based in Poland. This status grants us a specific legal mandate to process personal data for investigative purposes, distinct from standard commercial data processors.

2. Data Controller

The Controller of your personal data is: detektywi.pro operating under the brand verifinder.pro and detektywi.pro. Registered Address: ul. Starowiejska 16/2, 81-356 Gdynia, Poland. Detective License No.: RD-77/2024 (Issued by the Ministry of Interior and Administration of Poland). Contact: contact@verifinder.pro

3. The Legal Basis for Processing (Our Unique Framework)

Unlike standard consulting firms, we process personal data under a dual legal framework that ensures both compliance and investigative effectiveness:

  1. Legitimate Interest (Art. 6(1)(f) GDPR): Processing is necessary for the legitimate interests pursued by our Clients (e.g., fraud prevention, integrity due diligence, legal claims, KYC/AML compliance).
  2. Statutory Authorization (Art. 28a of the Act on Detective Services): We operate under the Act of 6 July 2001 on Detective Services (Polish Journal of Laws 2020.129). Article 28a of this Act explicitly authorizes a licensed detective to process personal data collected during the performance of detective services without the consent of the data subjects, exclusively for the purpose of the service.

This legal basis applies to all our services, including VALIDATE (KYB), INTEGRITY (Due Diligence), and INSIGHT (Investigations).

4. Source of Data & Information Clause Exemption

We collect data primarily from Open Source Intelligence (OSINT) sources, including but not limited to public registries, corporate filings, media reports, social media, and other publicly accessible databases.

Important Note on Article 14 GDPR: In the context of our investigative services (OSINT), informing every data subject about the processing of their data is often impossible or would seriously impair the objectives of the investigation. Therefore, we rely on the exemption provided in Article 14(5)(b) GDPR (“provision of such information proves impossible or would involve a disproportionate effort” or “is likely to render impossible or seriously impair the achievement of the objectives of that processing”).

5. Purpose of Processing

We process personal data for the following purposes:

  • Corporate Due Diligence: Verifying the integrity, reputation, and background of business partners.
  • Compliance & Risk Management: Screening for PEPs (Politically Exposed Persons), Sanctions, and Adverse Media to comply with AML, FCPA, UKBA, and CSDDD regulations.
  • Fraud Prevention & Asset Tracing: Identifying hidden assets and fraudulent schemes.
  • Legal Support: Gathering evidence for civil or criminal proceedings.

6. Data Security (The EviChain Standard)

We treat data security as a chain of custody issue. We implement the EviChain Standard to ensure the integrity and authenticity of digital evidence.

  • Cryptographic Hashing: Evidence files are secured with SHA-256 checksums.

7. Data Recipients & Transfers

Your data is shared only with:

  • The Client who commissioned the specific investigation (Report recipient).
  • Authorized law enforcement or judicial authorities (only upon valid legal demand).
  • Trusted IT service providers (hosting, encrypted communication) operating within the EEA or under strict DPA agreements ensuring GDPR compliance.

We operate under the Country of Origin Principle (EU Directive 2000/31/EC). Services are legally rendered from Poland, regardless of the Client’s location within the EU.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes of the investigation and to comply with legal obligations (e.g., the requirement to archive detective case files for 5 years as mandated by Polish law).

9. Your Rights

Under GDPR, you have the right to access, rectify, or erase your personal data. However, please note that these rights may be restricted if exercising them would breach the Professional Secrecy of the Detective (Art. 12 of the Act) or impede an ongoing investigation / legal claim (Art. 23 GDPR). Requests should be sent to: contact@verifinder.pro.

10. Cookies

Our website uses essential cookies to function correctly. We may use analytics tools (e.g., Google Analytics) with IP anonymization to improve our user experience. You can manage cookie preferences in your browser settings.