What is personal data?
According to the General Data Protection Regulation (GDPR), personal data refers to information about an identifiable natural person, meaning any information that can identify you as a person, or be traced back to you. Some examples of personal data include your name, address, identification number or telephone number.
What personal data do we collect?
The collection of personal data includes but is not limited to your name, e-mail address, phone number, location, or company information. The type and amount of personal data we collect depend on what you provide us in the “Quick Scan”, “Extended Scan”, “ZwartCyber Certification”, and “Contact Form” sections.
How do we collect personal data?
Automatic collection of data
ZwartCyber, like many other websites, collects some of your personal data through automatic collection methods when you visit us online to help us give you the best customer experience possible. These methods are still reliant on your consent, with the possibility to opt out of any collection mechanisms.
Cookies are small, often encrypted text files, located in browser directories. They are used by web developers to help users navigate their websites efficiently and perform certain functions. First party cookies are directly collected by us, sharing personal information for communication and information purposes. Third party cookies are collected by our suppliers, who we engage with for their services, to provide insight on further information such as the platform that directed you to us.
Below is a summary of the categories of cookies that may be used on our website:
Essential cookies: enable the website to fully load, fundamental for the functionality of the platform and thus not requiring your consent.
Analytics cookies: help us collect information about your interactions with our website. They provide information about your interests based on the way in which you scroll or click on our website.
Advertising cookies: used to deliver content relevant to your interests and limit the number of times you see certain marketing materials, amongst other marketing related purposes. These are used through our third party cookies and therefore not under the control of ZwartCyber directly.
Your IP address is the number identifying your computer when you access the internet. This is typically recorded, largely for IT security purposes as well as for analysis purposes.
Web beacons collect information regarding your access to our website and within our platform. These monitor your activity such as the time in which you have accessed a part of our website, and are used by ZwartCyber for the purpose of web analytics. These can largely be disabled through disabling cookies related to the beacon’s purpose.
ZwartCyber uses Google Analytics, which tracks and reports traffic through our website for analytical purposes, as third party cookies. As with our other collection methods, it is possible to opt out from Google Analytics through their add on browser extension, although the information collected by ZwartCyber will still be available for our own personal access.
Voluntary provision of data
Another collection method is that provided by you, our user, when expressing interest in our services through a request form, or subscribing to our blog/newsletter. As for the request form for our services, you provide us with your name, email address, phone number, company name, company email address, company size, scan type and the option to include a message. This information is then used for contacting purposes as well as business purposes as it will determine how we should best tailor our services to your specific needs and characteristics. This form can be found on our website on the “Contact” page, or on the “Quick Scan” and “Extended Scan” pages. As for the subscription to our blog/newsletter, we ask for your email address to fulfill your requirement and send you the latest updates on our blog via email.
By voluntarily submitting the required information, you agree to the collection and processing of your personal data for communication, information and business purposes.
How do we process your personal data?
ZwartCyber follows strict security standards as set out by Dutch Law and the GDPR as a data controller, given that it is operated by ZwartTech BV, a company incorporated in the Netherlands. These standards include the limiting of access to your personal data to those with a need to know, such as our analytics team, in turn requiring confidentiality of your information and for the purposes described within this privacy statement.
Why do we process your personal data?
Your personal information is collected for specific, explicit and legitimate purposes in a manner that is adequate, relevant and limited to what is necessary in relation to these purposes. We need your personal data in order to carry out our tasks, which include the provision of information and services. Before we are able to provide our scans or assessments, we need basic information to contact you and request additional information, and for the purpose of tailoring the service to your needs. We also use your personal data for analytical purposes and to identify any changes that should be made to our website.
We ask for your consent in the use of our automated data collection through our websites in the form of cookies, for example. In addition, the personal data provided through our website is given directly by you through the completion of contact forms used for getting in contact with us or requesting one of our services.
How long do we keep personal data?
ZwartCyber aims to retain personal data only for the time required to comply with your request or with legal or business requirements. The period for which data is retained will depend on the nature of the information as well as the circumstances under which the information was collected. Personal data may be stored for longer periods insofar as the information will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to the implementation of the appropriate measures to ensure safeguarding of the rights and freedoms of individuals.
ZwartCyber will otherwise keep your data until you request it to be deleted. In case of a request to delete your personal data, and in compliance with regional and national regulations, we will process this within 1 month after its submission, with the possibility of extension of another 2 months, if absolutely necessary and reliant on the complexity and number of cases. After which, a decision will be made and communicated clearly including the reasons for the decision.
ZwartCyber will only share your personal data to relevant and appropriate third parties, largely in your interests as a consumer for the purpose of conducting the service you have requested. Some instances of third party sharing include: business transactions such as transfer in a merger or acquisition, or for further business purposes such as disclosure to third parties used to support our business in the provision of a service, or for our own analytical purposes.
In addition, ZwartCyber will be under the obligation of disclosure upon valid requests by public authorities and law enforcement. Likewise, a matter of overriding public interest, health and safety or other right protection would obligate ZwartCyber to comply with third party sharing.
In any other case, ZwartCyber would ask for your consent before sharing with third parties, reliant on your consent.
Accessing third party/external links
As a data subject, you enjoy a number of rights concerning your personal data. These include:
The right to information, both in the automatic and voluntary collection of data.
The right of access, concerning purpose of processing, recipients of data, and other factors.
The right to rectification of any inaccurate data held by ZwartCyber, including the completion of incomplete data.
The right to erasure of data, applicable in certain circumstances such as lack of necessity.
The right to restriction of processing in certain circumstances.
The right to data portability, meaning the data subject receives their information in a structured and readable manner.
The right to object to the processing of their personal data in line with limited circumstances.
The right to not be subject to an automated decision as a result of their personal data.
More information on the rights of a data subject can be found within the General Data Protection Regulation (GDPR) and within Dutch regulations, as complied with by ZwartCyber and reflected in this privacy statement. Likewise, further information on your rights can be provided by the Dutch Data Protection Authority, with whom it is also possible to make a complaint regarding our processing or use of your personal data if need be.
ZwartCyber likewise complied with the relevant UK Data Protection legislation, including the UK GDPR and the Data Protection Act, as its data subjects would be in the United Kingdom and based on other territorial scope considerations under Article 3 of the UK GDPR. ZwartCyber therefore processes your personal data in a lawful, fair and transparent manner, and ensures the accuracy of your personal data.
Our services are not intended for use by children under the age of 18. We do not knowingly collect personally identifiable information from children under the age of 18. If we become or are made aware that we have collected personal data from children under the age of 18 without parental consent, we will take necessary steps to remove that information from our servers.
Changes to the privacy statement
This privacy statement is subject to change, subject to any changes to ZwartCyber’s privacy practices, or legislative changes affecting our obligations. In case of changes the statement will be adjusted accordingly and changes will be communicated to the pertinent people involved as affected by our privacy practices.
Security of your personal information
The security of your data is a priority of ZwartCyber, as evidenced by the number of measures in place ensuring maximum security as set out in this privacy statement. The processing of your data is done so in a manner that ensures its appropriate security, governed by integrity and confidentiality in line with UK requirements. However, no method of online transmission or electronic storage is 100% secure, regardless of our attempts to use the best possible means to protect your data. Therefore, we cannot guarantee the absolute security of your personal information on this basis.
Questions or complaints?
If you have any questions or complaints about the information set out in this statement, in regards to your personal data, or concerns regarding our privacy practices, please contact firstname.lastname@example.org and we will happily answer any questions.
Additionally, if you would like to make a request based on your rights as above mentioned, please contact email@example.com. Further contact information can be found on our website.