Data Protection Policy of historicalbureau.com, Oleg Verbliudov the Genealogist, Historical Bureau LLC in accordance with GDPR

Effective date: 22 June 2026.

1. Introduction

This Data Protection Policy explains how HISTORICAL BUREAU LLC ("we", "us", "our", "the Company") collects, uses, discloses, and protects personal data in connection with the website https://historicalbureau.com/ (the "Website") and our genealogical and archival research services (the "Services").

We process personal data in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR"). We voluntarily extend these privacy standards to all individuals located in the European Union or the European Economic Area (Art. 3(2) GDPR) and worldwide, ensuring a uniform and high level of data protection regardless of your geographic location.

2. Data Controller

The controller of your personal data is:

HISTORICAL BUREAU LLC
5830 E 2nd St, Ste 7000 #23654
Casper, WY 82609, USA
Telegram: https://t.me/HistoricalBureau
WhatsApp: https://wa.me/380677910007, +380677910007
E-mail: info@historicalbureau.com

For all matters concerning personal data, including exercising your rights under Section 13, contact us at the e-mail address above.

3. Scope of This Policy

This Policy applies to personal data of living individuals: our clients and prospective clients, visitors of the Website, and living persons whose data appears in the course of genealogical or archival research (for example, persons named in a power of attorney or in recent civil status records).

The GDPR protects living individuals only. Data relating to deceased persons falls outside the GDPR (Recital 27 GDPR). Section 10 explains how we treat historical records in practice.

4. Personal Data We Collect

We collect only the minimum data necessary to provide the Services:

5. What We Deliberately Avoid

We keep our data footprint minimal by design:

Your personal data exists with us only in the form of our direct correspondence (e-mail, Telegram, WhatsApp) and legally mandated financial records.

7. Cookies and Google Analytics

The Website uses only one category of optional cookies: Google Analytics (provided by Google LLC / Google Ireland Ltd.), used to understand how visitors use the Website.

These cookies are set only after you click "Accept" in the cookie banner. If you click "Reject", no analytics cookies are placed and the Website remains fully functional.

You may withdraw your consent at any time by clearing cookies in your browser or changing your choice in the cookie banner; withdrawal takes effect for the future (Art. 7(3) GDPR).

Google may process analytics data on servers outside the EU/EEA, including in the United States. Such transfers rely on the EU–US Data Privacy Framework and/or Standard Contractual Clauses adopted by the European Commission. Details: Google Privacy Policy.

8. Payment Processing

Payments for the Services are processed by third-party payment providers acting as independent controllers of your payment data under their own privacy policies:

We receive from these providers only the information necessary to confirm payment and to meet our tax obligations (Section 4). We store no card numbers or full banking credentials.

Please note that cryptocurrency blockchains are public and immutable by design; wallet addresses and transaction records on a blockchain remain permanently visible and lie outside our control.

9. Disclosure to Third Parties

Fulfilling a research mandate may require sharing personal data with third parties involved in tracing and obtaining legal documents on your behalf:

The 76-year rule. We share personal data contained in the records we research only where the records are younger than 76 years — the threshold under Ukrainian archival legislation at which the persons concerned are presumed to be living and the records remain under restricted access. Such disclosure occurs strictly to the extent necessary to fulfil our contractual obligation to trace and obtain legal documents on behalf of the client (Art. 6(1)(b) GDPR) or where the receiving authority requires it by law (Art. 6(1)(c) GDPR).

For records older than 76 years, the persons concerned are presumed deceased, the records are publicly accessible archival material, and we share no personal data of living persons in connection with them.

Client identity data. Independently of the age of the records, identity data of the client or of persons named in a power of attorney (Section 4) may be disclosed to notaries, authorities, and archives where such disclosure is a legal or procedural precondition for obtaining the requested documents. This disclosure rests on Art. 6(1)(b) and, where mandated, Art. 6(1)(c) GDPR.

Each recipient receives only the data strictly necessary for its role, in line with the data minimisation principle (Art. 5(1)(c) GDPR).

10. Historical Records and Deceased Persons

Our core activity is genealogical research and archival intelligence into historical records. The GDPR applies to living individuals only (Recital 27 GDPR); data of deceased persons falls outside its scope.

Where a record may concern a living person — in practice, any record younger than 76 years — we treat all personal data in it as protected under this Policy and apply the safeguards described in Section 9.

Research results are delivered to the client and stored only within our correspondence with the client (Section 4). We build no separate research database.

11. International Data Transfers

The Company is established in the United States, our research operations are based in Ukraine, and the Website is hosted by Hostinger on servers located in the Netherlands (EU).

Because our correspondence with you is inherently cross-border, personal data of EU/EEA residents may be transferred outside the EU/EEA — in particular to the USA and Ukraine. Such transfers rest on:

12. Data Retention and Deletion

13. Your Rights

Under the GDPR you have the right to:

To exercise any of these rights, e-mail us at info@historicalbureau.com. We respond within one month (Art. 12(3) GDPR). We may ask you to confirm your identity where reasonably necessary to protect your data.

14. Data Security

We apply technical and organisational measures appropriate to the risk (Art. 32 GDPR): TLS encryption of the Website and e-mail in transit, end-to-end or transport encryption of messenger communications provided by Telegram and WhatsApp, access to correspondence limited to personnel involved in your case, and EU-based hosting infrastructure.

Our minimal-data approach (Section 5) is itself a core security measure: data that we never collect or store can never be breached.

15. Children

Our Services are directed at adults. We knowingly collect data of persons under 16 only where it appears in civil records requested by an adult client (e.g., a birth record of a client's child), processed under Section 9.

16. EU Representative

Our processing of EU residents' data is occasional, small in scale, includes no large-scale processing of special categories of data (Art. 9 GDPR) or criminal-conviction data (Art. 10 GDPR), and is unlikely to result in a risk to the rights and freedoms of natural persons. On this basis we rely on the exemption in Art. 27(2)(a) GDPR from the obligation to designate a representative in the EU. All requests are handled directly by the controller (Section 2).

17. Changes to This Policy

We may update this Policy to reflect changes in our Services or in the law. The current version is always published on this page with its effective date (Section 1). Material changes affecting ongoing engagements will be communicated to affected clients by e-mail or messenger.

18. Contact

Questions about this Policy or our data practices: info@historicalbureau.com.