Submission is by email to the channel for the relevant entity, as listed in the register above. Where the underlying legal instrument requires service in physical form, requests may additionally be sent by post or courier to the postal address listed for that entity.
Compliance
Guidelines for Law Enforcement.
How authorised authorities may submit formal requests to entities within the Unramp group, the information those requests must contain, and the principles by which requests will be handled.
The Unramp group of companies takes seriously its obligation to cooperate with lawful requests from law-enforcement and regulatory authorities. This page is intended for use by officers of law-enforcement agencies, regulators, supervisory authorities, tax authorities, civil-court officers and other authorities authorised under applicable law to request information from regulated financial-service providers. It is not a channel for general inquiries from members of the public.
All requests are received, reviewed and responded to by the Legal and Compliance functions of the relevant entity at Unramp’s group. Requests are handled in accordance with the requirements of European Union and national law applicable to that entity, including the GDPR, national personal-data protection laws, national anti-money-laundering laws, national criminal-procedure law and the relevant provisions of mutual legal assistance and judicial cooperation instruments.
Where to submit requests
Address the entity holding the data.
The Unramp group operates through one or more regulated entities. Requests should be addressed to the entity that holds the data sought, using the channel listed below. Where the appropriate entity cannot be identified, the central fallback channel may be used and the request will be routed internally.
Unramp OOD
Bulgaria
- Channel
- [email protected]
- Postal address
- 22 San Stefano Street, San Stefano Plaza, entrance B, 5th floor, office 16, 1504 Sofia, Bulgaria
Central fallback channel
Where the appropriate Unramp entity cannot be identified from the entity register above — for example, where the requesting authority does not yet know which entity holds the data sought — the request may be submitted to [email protected]. The request will be routed internally to the appropriate entity and the requesting authority will be informed of the routing.
How to submit a request
The submission standards.
Whichever entity is being addressed, formal requests should be submitted using the standards below.
Subject line
Subject line format: “LE REQUEST — [issuing authority] — [reference number] — [country]”.
File formats
PDF (signed and where applicable certified). Plain text and image-only submissions cannot be processed.
Languages
Each entity accepts requests in English and in the official language(s) of its home jurisdiction. Requests in other official languages will be accepted but may require additional handling time.
What every request must contain
Six things, or it comes back.
Requests that do not include this information will be returned with a request for completion before substantive review begins.
Identification of the requesting authority
Name and country of the issuing authority, the name and rank of the officer submitting the request, an official telephone number and email address through which the officer can be contacted, and any badge, registration or warrant number identifying the officer.
Legal basis of the request
The specific provision of national, European Union or international law under which the request is made. A copy of the instrument authorising disclosure (subpoena, court order, European Investigation Order, MLA letter rogatory, prosecutor’s order, regulator’s information notice, or equivalent) must be attached.
Target identification
Sufficient information to identify the customer or transaction concerned, such as one or more of: customer name and date of birth; customer email address; account or transaction identifier; wallet address; IP address; or other identifier. Generic or speculative requests cannot be processed.
Records sought
A clear and specific description of the records or information being requested, with sufficient precision to allow the records to be identified and produced. Broad or open-ended requests will be narrowed in consultation with the requesting authority.
Time period
The relevant time period to which the request relates. Requests covering an unbounded or excessive period will be narrowed in consultation with the requesting authority.
Confidentiality and notification
A clear statement as to whether the request is confidential and, if so, the legal basis for that confidentiality. Where the request is silent on confidentiality, the default approach described in the Notification section below will apply.
How requests are handled
What we will, and won’t, do.
The receiving entity aims to respond to valid requests promptly and within any deadline specified in the underlying legal instrument. It will provide an acknowledgement on receipt and keep the requesting authority informed of progress.
What the receiving entity will do
- Acknowledge receipt. Within three business days of receipt of a request that meets the minimum content requirements set out above.
- Validate the request. Confirm the authority of the requesting officer, the legal basis of the request, the proportionality of the records sought, and the receiving entity’s obligations and limitations under applicable law.
- Produce records in standard form. Where the receiving entity determines that disclosure is lawful and required, records will be produced in a structured electronic format and transmitted by secure means.
- Preserve records on lawful request. On receipt of a valid preservation request, the receiving entity will take reasonable measures to preserve relevant records for a defined period pending receipt of a formal disclosure request.
What the receiving entity will not do
- Respond to informal or unauthenticated requests. Requests received from personal email addresses, through social media, through customer-support channels, or without verifiable identification of the requesting officer cannot be processed.
- Disclose information without a lawful basis. No Unramp entity will disclose customer information in the absence of a lawful basis under applicable European Union or national law. Where such basis is contested, the receiving entity may seek clarification, challenge the request, or apply to a competent court before disclosing.
- Reverse, freeze or seize crypto-assets on informal request. Once a crypto-asset has been transferred to a customer wallet, no Unramp entity has the operational ability to reverse or recover that transfer. The receiving entity will assist with formal preservation, seizure or restraint of any pending transactions where required by a valid order, to the extent operationally possible.
- Provide expert testimony or interpretation. Records produced by Unramp entities are intended to be self-authenticating. Unramp entities do not provide witness statements, expert testimony or interpretive analysis except where compelled to do so by a competent court.
Notification to data subjects
Telling clients, within the law.
As a general principle, and in accordance with Articles 13 and 14 of the GDPR, Unramp entities inform their clients about the processing of their personal data. Disclosure of personal data to a law-enforcement authority is a form of processing that, in principle, falls within that information duty.
That information duty does not override specific legal obligations of confidentiality. Where the requesting authority identifies the request as confidential on a lawful basis — for example, where notification would prejudice an ongoing investigation, or where notification would breach the prohibition on tipping-off under anti-money-laundering law — the receiving entity will not notify the affected data subject. Where the request is silent on confidentiality, the receiving entity will consult with the requesting authority before making any notification, and will not notify the data subject without the authority’s consent.
Where notification is permitted, the receiving entity may inform the affected data subject of the nature of the request and the records disclosed, in accordance with the GDPR and applicable national personal-data protection law.
Addressing requests across the group. Where a request concerns data held by a different entity within the group, it will be routed internally to that entity, and the requesting authority will be informed in the acknowledgement. Where a foreign authority would be required to make the request through an MLA treaty, a European Investigation Order, a Hague Convention channel, or other formal judicial-cooperation route, that route should be used in preference to a direct request.
Emergency requests
Imminent risk of serious harm.
Where there is a credible, imminent risk of death or serious physical harm to a person, and that risk cannot reasonably be mitigated by routine procedures, Unramp entities will accept and prioritise emergency requests from authorised authorities.
Emergency fallback channel
Subject line
EMERGENCY — LE REQUEST — [issuing authority] — [reference number]
Required information
The nature of the imminent threat, the person at risk, the basis for believing an Unramp entity holds relevant information, and a named senior officer with contact details.
The emergency channel must not be used for routine requests; misuse may delay genuine emergencies and will be raised with the requesting authority’s supervisor.
Administrative cost recovery. Unramp entities do not, as a matter of routine, charge a fee for responding to lawful requests. Where a request is exceptionally broad, voluminous, or requires substantial bespoke technical work, the receiving entity reserves the right to recover reasonable administrative costs in accordance with applicable law, and will discuss the basis of any cost recovery before incurring the cost.
What this channel is not for
Routed elsewhere.
Customer-support queries
Transaction queries and other client communications should be directed through the Contact us page.
Complaints
Formal complaints should be submitted through the Complaints page.
Data-subject requests under the GDPR
Access, rectification, erasure, restriction, portability and objection requests by data subjects in respect of their own personal data should be directed to the Data Protection function of the relevant entity, in accordance with the Privacy Policy.
Press, media and partnership inquiries
These should be directed to the Press & Media page and the Contact us page respectively.
Routine supervisory correspondence
Routine supervisory correspondence with the competent authority of each Unramp entity is handled through that authority’s direct channels with the entity, not through the channels on this page.
This page sets out the general approach of Unramp group entities to requests from authorised authorities and is published for the convenience of those authorities. It does not constitute a waiver of any procedural right, a guarantee of any outcome, or legal advice. Each request will be considered on its own facts and on the basis of the legal instrument relied upon by the requesting authority.
© Unramp OOD.