GDPR Compliance and Privacy

Protecting user data and ensuring full legal compliance are fundamental principles of CZone and the entire LutinX ecosystem. Blockchain technology, transparency, and privacy coexist to guarantee security, accountability, and user control.

Why Privacy and Compliance Matter

In the digital era, protecting personal and professional data is not only an ethical duty but also a legal obligation. Every interaction — from identity verification to document notarization — generates data that must be handled responsibly and transparently.

CZone was designed with privacy-by-design and compliance-by-default principles, ensuring that every user and organization can notarize or certify files securely, without compromising personal data.

Through GDPR-compliant procedures and global privacy standards, LutinX empowers users to control their information while ensuring traceability and accountability when required by law.

GDPR Compliance at the Core

CZone fully aligns with the General Data Protection Regulation (GDPR – EU 2016/679), which governs data protection and privacy for individuals within the European Union.

Key compliance measures include:

🔐 Data Minimization:

Only essential information is processed; unnecessary or excessive data is never collected.

⚖️ Purpose Limitation:

Data is used solely for identity verification, certification, and legal validation.

🕒 Retention Control:

Personal data is stored only as long as required for verification and compliance.

🧾 Right to Access and Erasure:

Users can request access, correction, or deletion of personal information at any time.

🧩 Transparency:

All processing activities are traceable and auditable within the platform.

Every verification (KYC/KYB), timestamp, or certificate issued via CZone follows GDPR-compliant protocols, ensuring both legal validity and user privacy.

Legal Basis for Data Processing

CZone processes personal data exclusively under the lawful bases established by the GDPR, including:

  • User consent, when individuals voluntarily provide data for verification or communication.

  • Contractual necessity, when processing is required to deliver certification, KYC/KYB, or platform services.

  • Legal obligations, such as compliance with anti-fraud and anti-money-laundering regulations.

  • Legitimate interest, limited to activities necessary for platform integrity and user security.

Blockchain and Privacy: How They Coexist

One of the biggest misconceptions about blockchain is that it cannot respect privacy regulations.
LutinX’s architecture resolves this by implementing hybrid blockchain systems, combining transparency with personal data protection.

Here’s how privacy is ensured:

📄 No personal data is stored on the blockchain:

Only encrypted hashes (digital fingerprints) are recorded.

🧠 Off-chain process data management:

Sensitive details are securely managed in GDPR-compliant databases.

🔗 Blockchain as proof, not exposure:

Blockchain serves as immutable proof of existence, not as a repository of private information.

🔐 End-to-end encryption:

All data transfers are protected by multi-layer encryption.

This hybrid approach ensures that users can rely on blockchain’s immutability while maintaining full compliance with privacy laws worldwide.

KYC/KYB Verification and Data Protection

The KYC (Know Your Customer) and KYB (Know Your Business) processes within LutinX are essential for legal integrity and anti-fraud compliance.
However, privacy remains fully protected through:

  • Secure third-party verification providers.

  • Immediate encryption of identity data.

  • Controlled access — only verified, authorized parties can view sensitive information.

  • Legal traceability that protects both the individual and the institution.

This process ensures authenticity without ever compromising confidentiality.

Global Privacy Frameworks

While GDPR is the cornerstone of data privacy, CZone also complies with other international standards, including:

  • 🇺🇸 US Privacy Frameworks: California Consumer Privacy Act (CCPA) and federal data protection principles.

  • 🇨🇭 Swiss FADP: updated Swiss Federal Act on Data Protection (2023).

  • 🌏 APAC Regulations: including Singapore PDPA, Japan APPI, and South Korea PIPA.

  • 🌍 African Standards: several nations, including South Africa (POPIA) and Nigeria (NDPR), have recognized blockchain data management as compatible with their privacy laws when used for verification and timestamping.

This international compliance network ensures that CZone users are protected regardless of jurisdiction.

Third Parties and International Data Transfers

LutinX works exclusively with verified and compliant service providers that meet the highest standards of data protection and confidentiality. All third-party tools, partners, and verification services (including KYC/KYB providers, blockchain nodes, and hosting infrastructure) operate under strict contractual and technical safeguards.

Whenever personal data is transferred or processed outside the European Union, LutinX ensures full compliance with the General Data Protection Regulation (GDPR) and other applicable laws by applying the following measures:

  • Standard Contractual Clauses (SCCs) – approved by the European Commission.

  • Encryption and pseudonymization – to guarantee data security during transfer.

  • Adequacy decision – for countries recognized as providing an equivalent level of data protection.

  • Continuous auditing – performed by LutinX on data processors and partners.

These safeguards ensure that all information handled through CZone maintains the same level of protection and legal reliability, regardless of geographic location.

User Control and Transparency

CZone gives every user full control over their data and visibility preferences:

  • Choose between public or private certificates.

  • Decide whether to display or hide personal identity.

  • Manage certificates, access logs, and privacy settings directly from the Uploads App in your dashboard.

This flexibility ensures that creators, professionals, and organizations can adapt their privacy settings to match their legal and professional needs.

Legal Value of Privacy-Compliant Certificates

Blockchain certificates issued through CZone are not just secure — they are legally compliant digital assets. Because they meet data protection and evidentiary standards, they can be used in:

  • Legal and commercial disputes.

  • Copyright and authorship claims.

  • Institutional and educational credentialing.

  • Compliance audits and due diligence.

Each certificate carries legal weight thanks to the combined power of blockchain transparency and privacy regulation adherence.

CZone demonstrates that compliance and innovation can coexist.
By combining blockchain technology with rigorous data protection measures, LutinX guarantees a digital environment where privacy, transparency, and legal validity reinforce one another.

👉 Every certificate issued through CZone stands as proof that technology can protect both intellectual property and personal integrity — securely, ethically, and lawfully.

User Rights and Contact for Privacy Matters

Every user has full control over their personal data and can exercise their rights at any time under Articles 15–22 of the GDPR.
CZone and LutinX guarantee full cooperation and transparency in every privacy-related request.

Users have the right to:

  • Access their personal data and obtain a copy.

  • Request correction or deletion of inaccurate or outdated information.

  • Restrict or object to data processing in certain circumstances.

  • Request portability of their verified data to another service.

For any questions or requests concerning privacy, users can contact the dedicated LutinX Data Protection Team at:
📧 privacy@lutinx.com

All privacy-related communications are handled promptly and confidentially, with responses provided within 30 calendar days in accordance with international data protection laws.

Frequently Asked Questions

Find quick answers to the most common questions.

Yes. CZone follows all GDPR requirements, including data minimization, consent, and right to erasure.

No. Personal data is never stored on the blockchain — only encrypted references are recorded.

Yes. Users can request deletion or anonymization under GDPR’s right to be forgotten.

Only you and authorized parties (e.g., your verifier, institution, or legal authority) can access it.

Never. All verification data is encrypted and confidential.

All cross-border data flows comply with EU adequacy decisions and standard contractual clauses (SCCs).