Data protection & records

Processing supports treaty performance, membership administration, financial operations, security monitoring, and transparency obligations. Specific notices are provided at collection points (forms, portals, events).

• Corporate records — statutory and archival schedules
• Supervisory exchanges — minimum retention per agreement
• Security logs — rolling retention with anomaly hold
• On-chain data — immutable by design; Chain 138 block data is permanent and publicly auditable via the explorer

Requests for access, rectification, restriction, or erasure are handled through the privacy mailbox at privacy@d-bis.org. Some requests may be limited where law requires continued processing.

Transfers to member authorities use adequacy decisions, standard contractual clauses, or treaty gateways as applicable.

Technical and organisational measures are summarised under Security. Machine-readable trust anchors at trust.json document the entity metadata and infrastructure endpoints.