Privacy Policy

We are EO SECURITY s.r.o., with registered office at Lidická 2006/26, Černá Pole, 602 00 Brno, ID No. 05182662, registered in the Commercial Register kept at the Regional Court in Brno under file No. C 93979, e-mail (hereinafter also “we”) and we would like to inform you how we will handle your personal data.

In this document you will find a complete overview of what we as data controllers will do with your personal data, why we need it, how long we keep it or what rights you have in relation to your personal data.

We may obtain your personal data in different situations. We provide you with ethical hacking services. Because we are primarily concerned about your privacy, we want to show you that your personal information is safe with us.

The processing of personal data is carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter also referred to as “GDPR“).

We completely understand that this area is not the easiest to understand, so if you have any questions, please do not hesitate to write to us at the address above. We will be happy to explain everything.


We will process your personal data in the following situations:


If we process personal data for purposes other than those set out above, we will always assess the legal basis on which we may do so and, where appropriate, obtain your consent to process your personal data.


Because we are not able to manage all of our services and e-shop ourselves, we use other entities to do so, which we call recipients of personal data under the GDPR.

The following recipients have access to your personal data:

We process your personal data on the territory of the European Union or in countries that have set up adequate data protection as in the European Union.


We will only process your personal data for as long as necessary to fulfill the above purposes for which it was collected – providing services and products, completing requested transactions, or for other necessary purposes such as complying with our legal obligations, resolving disputes and legally enforcing our agreements. These needs may vary for different types of data in the context of different products and services, and therefore the actual retention period may vary significantly. Our primary contractual relationship is with each other, so we will process personal data for as long as that contractual relationship lasts. The law also provides us with various rules for document retention, an example being 10 years for the retention of accounting documents and information required in respect of VAT. In any event, we are mindful of the principle of storage limitation and if your personal data is no longer needed for the purposes for which it was collected, we will delete that data, unless you give us consent to further processing.


You have the following rights in relation to our processing of your personal data:

Your rights are explained below to give you a clearer idea of their content.

The right of access means that you can ask us at any time to confirm whether or not personal data relating to you is being processed and, if so, for what purposes, to what extent, to whom it is disclosed, for how long we will process it, whether you have the right to rectification, erasure, restriction of processing or to object, where we obtained the personal data and whether or not automated decision-making, including profiling, is taking place on the basis of the processing of your personal data. You also have the right to obtain a copy of your personal data.

The right to rectification means that you can ask us to correct or complete your personal data at any time if it is inaccurate or incomplete.

The right to erasure means that we must erase your personal data if (i) it is no longer necessary for the purposes for which it was collected or otherwise processed, (ii) the processing is unlawful, (iii) you object to the processing and there are no overriding legitimate grounds for the processing, (iv) we are under a legal obligation to do so, or (v) in relation to personal data for which you have given consent to the processing, you withdraw that consent.

The right to restrict processing means that until we have resolved any disputed issues regarding the processing of your personal data, we may not process your personal data other than by storing it and, where appropriate, using it only with your consent or for the establishment, exercise or defence of legal claims.

The right to object means that you can object to the processing of your personal data that we process on the basis of performance for direct marketing purposes or for legitimate interest, including profiling based on our legitimate interest. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes. If you object to processing based on other grounds, we will evaluate the objection and then tell you whether we have complied with the objection and will no longer process your data, or that the objection was not justified and processing will continue. In any event, processing will be restricted until the objection is resolved.

The right to data portability means that you have the right to obtain personal data relating to you which you have provided to us on the basis of consent or contract and which is also processed by automated means, in a structured, commonly used and machine-readable format, and the right to have that personal data transmitted directly to another controller.

If you have a comment or complaint regarding data protection, a query or exercise any of your rights, please contact us at. We will respond to your questions or comments within one month.

Our activities are also overseen by the Data Protection Authority, to whom you can lodge a complaint if you are dissatisfied. You can find out more on the Authority’s website

CHANGES TO THE RULES Our policies may be changed from time to time. We will post any changes to our Privacy Policy at and will notify you in more detail if there are significant changes (for some services, we may notify you of policy changes by email). We archive previous versions of this policy for you to access in the future. We will send you these versions upon your request. This policy is effective from 01.10.2021