We are EO SECURITY s.r.o., with registered office at Lidická 2006/26, Černá Pole, 602 00 Brno, ID No. 05182662, registered in the Commercial Register kept at the Regional Court in Brno under file No. C 93979, e-mail firstname.lastname@example.org (hereinafter also “we”) and we would like to inform you how we will handle your personal data.
In this document you will find a complete overview of what we as data controllers will do with your personal data, why we need it, how long we keep it or what rights you have in relation to your personal data.
We may obtain your personal data in different situations. We provide you with ethical hacking services. Because we are primarily concerned about your privacy, we want to show you that your personal information is safe with us.
The processing of personal data is carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter also referred to as “GDPR“).
We completely understand that this area is not the easiest to understand, so if you have any questions, please do not hesitate to write to us at the address above. We will be happy to explain everything.
- WHAT PERSONAL DATA WILL WE PROCESS?
We will process your personal data in the following situations:
- If you contact us at email@example.com, we will process: Your name, email address, phone number, the company you are writing from and the information you leave in the email.
- Personal data that we collect when we enter into other contracts together or when we provide our services to you. In this case, we process identification data, contact data and other data necessary for the provision of services and conclusion of contracts.
- HOW DO WE USE THE INFORMATION OBTAINED AND ON WHAT LEGAL BASIS?
- We process personal data obtained from e-mail and when providing services for the purpose of delivering goods, providing services or creating a user account, where the legal basis is the performance of contractual obligations under Article 6(1)(b) of the GDPR. In addition, we will need your personal data in order to comply with our legal obligations, in particular in relation to accounting and VAT. Therefore, the legal basis for processing will also be the fulfilment of legal obligations under Article 6(1)(c) GDPR. In order to protect our own claims, for example, if you fail to pay us any amount or there is another dispute between us, we will also process personal data on the basis of our legitimate interest which is to protect our legal claims.
- We use the information obtained from cookies mainly for the purpose of analysing how you use our website or to offer you the functionalities of our website and e-shop. The legal basis will be either your consent or our legitimate interest in providing basic marketing.
- From time to time, we will send you an email offering our other services or products. This may occur mainly because you have become our customer and we may do so-called direct marketing based on legitimate interest. However, you can opt-out of receiving commercial communications at any time, either before submitting any form or in any email we send you. However, if you are not a customer of ours, we will only send you emails offering our services or products provided that you actively opt-in to receive these emails. Also in these cases, the rule that you can opt out of receiving commercial communications and thus refuse them in the future will be observed.
If we process personal data for purposes other than those set out above, we will always assess the legal basis on which we may do so and, where appropriate, obtain your consent to process your personal data.
- WHO HAS ACCESS TO YOUR PERSONAL DATA
Because we are not able to manage all of our services and e-shop ourselves, we use other entities to do so, which we call recipients of personal data under the GDPR.
The following recipients have access to your personal data:
- Our internal CRM;
- Our employees who work with us on the basis of a cooperation agreement or similar agreement.
We process your personal data on the territory of the European Union or in countries that have set up adequate data protection as in the European Union.
- HOW LONG WILL WE PROCESS YOUR PERSONAL DATA
We will only process your personal data for as long as necessary to fulfill the above purposes for which it was collected – providing services and products, completing requested transactions, or for other necessary purposes such as complying with our legal obligations, resolving disputes and legally enforcing our agreements. These needs may vary for different types of data in the context of different products and services, and therefore the actual retention period may vary significantly. Our primary contractual relationship is with each other, so we will process personal data for as long as that contractual relationship lasts. The law also provides us with various rules for document retention, an example being 10 years for the retention of accounting documents and information required in respect of VAT. In any event, we are mindful of the principle of storage limitation and if your personal data is no longer needed for the purposes for which it was collected, we will delete that data, unless you give us consent to further processing.
- WHAT RIGHTS DO YOU HAVE IN RELATION TO THE PROTECTION OF YOUR PERSONAL DATA
You have the following rights in relation to our processing of your personal data:
- the right to access to personal data;
- the right to repair;
- the right to deletion (“right to be forgotten”);
- the right to restrict data processing;
- the right to object to processing;
- the right to transferability of data;
- the right to lodge a complaint about the processing of personal data.
Your rights are explained below to give you a clearer idea of their content.
The right of access means that you can ask us at any time to confirm whether or not personal data relating to you is being processed and, if so, for what purposes, to what extent, to whom it is disclosed, for how long we will process it, whether you have the right to rectification, erasure, restriction of processing or to object, where we obtained the personal data and whether or not automated decision-making, including profiling, is taking place on the basis of the processing of your personal data. You also have the right to obtain a copy of your personal data.
The right to rectification means that you can ask us to correct or complete your personal data at any time if it is inaccurate or incomplete.
The right to erasure means that we must erase your personal data if (i) it is no longer necessary for the purposes for which it was collected or otherwise processed, (ii) the processing is unlawful, (iii) you object to the processing and there are no overriding legitimate grounds for the processing, (iv) we are under a legal obligation to do so, or (v) in relation to personal data for which you have given consent to the processing, you withdraw that consent.
The right to restrict processing means that until we have resolved any disputed issues regarding the processing of your personal data, we may not process your personal data other than by storing it and, where appropriate, using it only with your consent or for the establishment, exercise or defence of legal claims.
The right to object means that you can object to the processing of your personal data that we process on the basis of performance for direct marketing purposes or for legitimate interest, including profiling based on our legitimate interest. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes. If you object to processing based on other grounds, we will evaluate the objection and then tell you whether we have complied with the objection and will no longer process your data, or that the objection was not justified and processing will continue. In any event, processing will be restricted until the objection is resolved.
The right to data portability means that you have the right to obtain personal data relating to you which you have provided to us on the basis of consent or contract and which is also processed by automated means, in a structured, commonly used and machine-readable format, and the right to have that personal data transmitted directly to another controller.
If you have a comment or complaint regarding data protection, a query or exercise any of your rights, please contact us at. We will respond to your questions or comments within one month.
Our activities are also overseen by the Data Protection Authority, to whom you can lodge a complaint if you are dissatisfied. You can find out more on the Authority’s website https://www.uoou.cz/