1. Company Declaration
This Policy is established by BlockWill Analytical Technologies Limited (referred to as "BlockWill" hereafter) to ensure compliance with the principles of privacy by design and by default and with applicable data protection requirements through appropriate technical and organizational measures, in line with GDPR (including Articles 24 and 25) and DIFC Data Protection Law No. 5 of 2020. It emphasizes Privacy by Design and Default principles and outlines the responsibilities and governance of the Data Protection Officer (DPO).
2. Purpose and Scope
BlockWill is committed to safeguarding personal data in line with GDPR and DIFC Data Protection Law No. 5 of 2020 requirements. This Policy provides a framework for data protection principles, accountability measures, and the integration of privacy by design in all processes involving personal data. It applies to employees, contractors, and third parties processing personal data on behalf of BlockWill. It also defines the role, responsibilities, and governance of the Data Protection Officer.
3. Core Principles
BlockWill operates on foundational principles to ensure data protection:
- Data is processed lawfully, fairly, and transparently.
- Personal data collection is purpose-specific and not excessive.
- Accuracy and timely updates of data are maintained to avoid errors.
- Data retention is limited to what is necessary for its intended purpose.
- Robust measures are in place to ensure integrity and confidentiality.
Privacy by design is at the heart of our processes. Proactive protection, privacy settings by default, and end-to-end security are embedded into our systems. Transparency and prioritization of user rights are key elements.
4. Implementation Requirements
BlockWill incorporates both technical and organizational measures to maintain compliance:
Technical Measures include privacy-enhancing technologies, access controls, encryption, and regular security testing to safeguard personal data.
Organizational Measures focus on conducting Data Protection Impact Assessments, designing systems with privacy as a priority, providing regular staff training, and ensuring vendors comply with data protection standards.
5. Roles and Accountability
5.1 Data Controller
BlockWill, as the data controller, determines the purposes and methods of data processing. It ensures:
- Implementation of adequate security measures.
- Maintenance of comprehensive records.
- Demonstration of compliance with GDPR and DIFC Data Protection Law No. 5 of 2020.
5.2 Data Protection Officer (DPO)
The DPO plays a pivotal role in overseeing BlockWill's data protection practices. The Board of Directors formally appoints the DPO, considering expertise in data protection laws and independence from operational decisions.
5.3 Responsibilities
The DPO:
- Advises BlockWill on its obligations under GDPR and DIFC Data Protection Law No. 5 of 2020 and on best practices.
- Monitors compliance with internal policies and applicable data protection requirements.
- Assists in the assessment and implementation of data protection impact assessments.
- Acts as the primary point of contact for supervisory authorities and data subjects.
- Ensures continuous improvement in BlockWill's privacy practices.
5.4 Independence and Support
The DPO reports directly to the highest management level and operates independently. BlockWill provides necessary resources, including time, support staff, and budget, to enable the DPO to fulfill their duties effectively.
5.5 Governance and Succession
The DPO's appointment is formalized through a Board resolution and communicated across the organization. Succession planning ensures continuity, and protections are in place against dismissal unless for documented gross misconduct. In such cases, a proper handover of responsibilities is mandated.
This Policy is approved by the Board of Directors of BlockWill Analytical Technologies Limited and is reviewed annually.
5.6 Performance Evaluation
The DPO's performance is evaluated based on compliance program effectiveness, incident response efficiency, and adherence to privacy by design principles. This review process fosters continuous improvement while upholding the DPO's independence.
6. Documentation Requirements
BlockWill maintains comprehensive records of all processing activities, data protection impact assessments, technical measures, and staff training. Design decisions and security controls are documented to ensure accountability and traceability.
7. Review Process
This Policy undergoes an annual review to align with evolving regulations, technological advancements, and organizational changes. Regular compliance audits and security testing ensure its effectiveness.
8. Governance and Approval
This Policy is approved by the Board of Directors of BlockWill Analytical Technologies Limited and is reviewed annually. The Data Protection Officer, reachable at privacy@blockwill.io and +971 52 545 1081, is the day-to-day point of contact for users, partners, and supervisory authorities on all matters covered by this Policy.
| Field | Detail |
|---|---|
| Policy Version | 1.0 |
| Effective Date | 19 January 2026 |
| Last Updated | 19 January 2026 |
| Approved By | Board of Directors, BlockWill Analytical Technologies Limited |
| Review Cycle | Annual, or upon material change in law, product, or corporate structure |
Contact Information
- Data Protection Officer: privacy@blockwill.io
- Phone: +971 52 545 1081
- Registered office: DIFC Innovation One, Dubai International Financial Centre, United Arab Emirates
Last updated: 19 January 2026