DATA BREACH MANAGEMENT TOOL
Who we are
Our website address is: https://www.databreachmanagement.com.
Last Update: 01-01-2021
• interact with or use our Websites, including downloading materials from our resources page or requesting a demo,
• register and/or attend any of our events, webinars, or the conferences we attend (collectively “Events”), and
• if you use any of our products, services or applications (including any trial) (collectively the “Services”) in any manner.
Who we are
Privacy Optimization sp. z o.o. (registered in Poland, Warsaw, Przasnyska street, 01756; KRS: 0000875657, REGON: 387784119, NIP: 5252846868) is a company dedicated to helping organizations comply with privacy laws and optimize their processes. Our flagship product is the Data Breach Management Tool, created to automate the analysis of data incidents and guide users through incident management.
Our lawful basis for processing
We rely on several lawful bases for processing when we collect and use personal data to operate our business and provide products and services to our clients. These include:
● Legal obligations – in order to comply with the legal and regulatory obligations we are subject to as a provider of regulated services and as a commercial business.
● Contract – in order to perform contractual obligations we may have with an individual or to take steps to enter into a contract with an individual.
● Consent – where an individual has freely given consent at the time their personal data was provided to us.
● Legitimate interests – the legitimate interests can be ours, our clients’ or other third parties’ (e.g. to provide our services, to develop or protect our business, or to keep people informed about relevant products and services), and we always balance the rights of individuals with our and others’ legitimate interests.
● Public interests – where the processing of data is necessary for providing certain services to clients (e.g. statutory audit) or for certain requirements we are subject to.
Information we collect
The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.
We receive and store information you provide directly to us. While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personal Data may include, but is not limited to:
● Email address
● First name and last name
● Phone number
● Postal addresses
● Job titles
● Transactional information (including Services purchased), as well as any other contact or other information you choose to provide us or upload to our systems in connection with the Services.
We may also collect any Personal Data that you choose to send to us or provide to us, for example, on our “Request a Demo” (or similar) online form or if you register for our webinar or newsletter. If you contact us through the Websites, we will keep a record of our correspondence.
Cookies and Usage Data
We may also collect information on how the Service is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
Tracking & Cookies Data
Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies used are beacons, tags, and scripts, which collect and track information and help to improve and analyze our Service.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
Examples of Cookies we use:
● Session Cookies. We use Session Cookies to operate our Service.
● Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
● Security Cookies. We use Security Cookies for security purposes.
How we use your information
We may use the information we collect from our customers and their users in connection with the Services we provide for a range of reasons, including to:
● Set up a user account;
● Provide, operate and maintain the Services;
● Process and complete transactions, and send related information, including transaction confirmations and invoices;
● Manage our customers’ use of the Services, respond to enquiries and comments and provide customer service and support;
● Send customers technical alerts, updates, security notifications, and administrative communications;
● Investigate and prevent fraudulent activities, unauthorized access to the Services, and other illegal activities; and
● For any other purposes about which we notify customers and users.
We use your Personal Data in this context based on the contract that we have in place with you or our legitimate interest for security purposes (e.g. the prevention and investigation of fraudulent activities). Personal Data will be deleted based on the terms of the contract.
We use the information we collect via websites, including to:
● Provide, operate, administer and maintain our website
● Internal operations, including troubleshooting, data analysis, testing, statistical and survey purposes
● Improve, personalize, and expand our website
● Trend monitoring, marketing and advertising
● As part of our efforts to keep our Website secure
● Understand and analyze how you use our website
● Develop new products, services, features, and functionality
● Communicate with you, either directly or through one of our partners, including for customer service, to provide you with updates and other information relating to the website, and for marketing and promotional purposes
● Send you emails
● Find and prevent fraud
Our use of your Personal Data may be based on our legitimate interest to ensure network and information security, and for our direct marketing purposes, or on your consenting to it (e.g. when you request a demo).
Log Files
The Privacy Optimization website follows a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this as a part of hosting services’ analytics. The information collected by log files includes internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information is for analyzing trends, administering the site, tracking users’ movement on the website, and gathering demographic information.
Cookies and Web Beacons
Like any other website, the Secretum website uses ‘cookies’. These cookies are used to store information including visitors’ preferences, and the pages on the website that the visitor accessed or visited. The information is used to optimize the users’ experience by customizing our web page content based on visitors’ browser type and/or other information.
DoubleClick DART Cookie
Transfer of data
We only share personal data with others when absolutely necessary for the purposes for which we hold it and when necessary for our legitimate professional and business needs, for the purpose of executing your instructions or requests and/or as required or permitted by applicable legislation, professional standards or any applicable agreement between us, and where appropriate contractual arrangements and security mechanisms are in place.
We may share personal data only with affiliates for our lawful professional and business necessities, which comprise:
● suppliers that support us and help provide services to our clients, such as providers of cloud-based software, IT systems, security, archiving storage, recruitment, marketing and payment services, website analytics companies (e.g., Google Analytics), product feedback or help desk software providers, CRM service providers, email service providers and other service providers who we employ to perform tasks on our behalf;
● professional advisors, auditors or insurers, where we are required by law or as reasonably required in the management of our business
● events sponsors
● law enforcement or other government and regulatory agencies or to other third parties, where we are required by law, the courts or any legal or regulatory authority we are subject to. We will only provide personal data in these circumstances where permitted or there is a legal requirement.
We do not transfer your data outside the EEA. We will inform you if we do otherwise.
How long do we keep personal data?
The personal data you submit to us will only be held for as long as is required for the purposes for which it was collected and as required by applicable law.
We keep personal data only for as long as necessary and this will reflect the requirements of:
● the activity or service for which it is being processed
● any legal, regulatory or contractual requirements
● the time in which any litigation or investigations might arise from providing a service.
Individuals have certain rights over their personal data that we process as data controllers.
If we process your personal data and you exercise any of your rights, we will aim to respond promptly and within any required time limit. However, please note that the length of time it will take us to respond will be dependent on the nature and extent of your request.
You have a right to:
● access – you can ask us for a copy of the personal data that we hold on you
● rectification – if you become aware of any errors or inaccuracies concerning your personal data, please let us know either by updating your details on the website or applications you are registered with or contacting us.
● withdraw consent – where we process personal data based on consent, you have a right to withdraw consent at any time. To stop receiving direct marketing emails from us, please click on the unsubscribe link in the relevant email. For any other withdrawals of consent please contact our DPO office.
● erasure/deletion – you can ask us to erase or delete your personal data when we no longer need it for the purposes it was obtained.
● data portability – you can ask for your personal data to be sent to you or to another organisation
● review automated decision making – if we make automated decisions about you, you can ask for those decisions to be reviewed
● restrict or object to our processing – you can ask to restrict or object to our processing of your personal data (e.g. removal from a marketing subscription list).
If you wish to exercise any of the rights, please send us an email at firstname.lastname@example.org
Security Of Data
Security is of utmost importance to us. Whilst no data transmission over the internet or any other network can be guaranteed as 100% secure, we take all reasonable steps to safeguard the personal data we hold, and we have in place appropriate technical and organizational security measures in order to protect personally identifiable data and information from loss, misuse, alteration or destruction.
We may employ third party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
From a marketing perspective we will be using the following tools:
● Google Analytics
● Google Tag Manager
● Hubspot CRM
● Facebook Pixel.
Another part of our priority is adding protection for children while using the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their online activity.
Secretum does not knowingly collect any Personal Data from children under the age of 13. If you think that your child provided this kind of information on our website, we strongly encourage you to contact us immediately and we will use our best efforts to promptly remove such information from our records.