Last updated: 19-April-2024
Thank you for choosing to collaborate with Seculyze. Welcome to our privacy notice as part of our overcall company Privacy Policy.
Seculyze respects your privacy and is committed to protecting your personal data. This privacy notice will inform you how we look after your personal data when you visit our website, attend events, register to use our products and services, and tell you about your privacy rights and how legislation protects you.
1 Who is Data Controller?
Seculyze is the data controller for the processing of the personal data in this notice:
Seculyze
Lathyrusvej 11
3500 Vaerloese, Denmark
CVR DK42004332
If you have any questions about this notice or any other parts of the Seculyze Privacy practices, please contact us at hello@seculyze.com
2 Information We Collect
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
A. Identity Data includes name, username, title and identity of the organization you represent.
B. Contact Data includes email, telephone numbers and address (most often the address of the organization you represent).
C. Financial Data includes bank account and payment card details.
D. Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
E. Technical Data includes IP address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
F. Profile Data includes your interests, preferences, feedback and survey responses.
G. Usage Data includes information about how you use and interact with our website, products and services.
H. Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
Our products and services are mainly offered to businesses and other professional organizations. Financial data and transactional data will in consequence only rarely qualify as Personal Data as it relates to the organization you represent and not you.
In most situations the information is collected directly from you when you register to use our products and services, request marketing from us or otherwise communicate with us.
As you interact with our website or services, we may automatically collect Technical Data and Usage Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our cookie policy for further details.
We may receive Identity and Contact Data from the organization you represent if you are authorized to log into and utilize our products and services in connection with your organizations account.
3 The Purposes and the Lawful Basis
Seculyze will only use your personal data when legislation allows it. Most commonly, we will use your personal data in the following situations:
W. Contract, where we need to perform the contract, we are about to enter into or have entered into with you or the organization you represent cf. GDPR Article 6 (1) (b).
X. Legitimate, where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests cf. GDPR Article 6 (1) (f).
Y. Comply, where we need to comply with a legal or regulatory obligation (e.g. accounting and tax) cf. GDPR Article 6 (1) (c).
Z. Consent, where you have provided your consent (e.g. double opt-in on newsletters or cookie consent) cf. GDPR Article 6 (1) (a).
4 How We Collect Information
|
Purpose |
Type of data |
Lawful basis |
Explanation |
|
To register you as a new customer or as contact person for the organization you represent |
(A) Identity (B) Contact |
(W) Contract (X) Legitimate |
As part of the onboarding process for either a paid or free trial, we will collect data about you and your organization to legitimize you and your usage in relation to your organization, which also can be for forensics. Data is either stored in Azure or in our authentication Service Provider Auth0.
Read the Service Provider Auth0 is GDPR compliance description here: https://auth0.com/docs/secure/data-privacy-and-compliance/gdpr
Read the Service Provider Microsofts Privacy Policy here: https://privacy.microsoft.com/en-us/privacystatement |
|
To manage and perform the contract with you or the organization you represent including: (a) enable you to access and use the Services, (b) to provide customer service and support (c) Manage payments, fees and charges (d) Collect and recover money owed to us (e) to send you technical notices, updates, security alerts, and support and administrative messages |
(A) Identity (B) Contact (C) Financial (D) Transaction (E) Technical data (F) Profile |
(W) Contract (X) Legitimate (Y) Comply |
All purchases of Seculyze software is done through the Service Provider, Microsoft Azure marketplace, which keeps and manages the financial and transaction data – as well as identity, contract and profile data – through your user accounts created there.
Financial information is transferred to our account system from the Service Provider called Dinero to allow for bookkeeping. From Dinero, invoices for consultancy are also sent. We must save all accounting documents cf. the Accounting Act. This means that we store invoices and similar attachments for accounting purposes. This may include general personal data such as name, address, service description.
As part of the purchase, you will be created in our CRM system hosted by Service Provider Hubspot.
Read the Service Provider Microsoft’s Privacy Policy here: https://privacy.microsoft.com/en-us/privacystatement
Read the Service Provider Dinero Privacy Policy here: https://dinero.dk/sikkerhed/privatlivspolitik/
Read the Service Provider Hubspot’s Privacy Policy here: https://legal.hubspot.com/privacy-policy
|
|
Send you newsletters or other marketing |
(A) Identity (B) Contact (H) Marketing and Communications |
(Z) Consent |
We have a newsletter that you can sign up for voluntarily – and you can always unsubscribe from this again. Our newsletter service is created with the Service Provider Hubspot (www.hubspot.com).
Read the Service Provider Hubspot’s Privacy Policy here: https://legal.hubspot.com/privacy-policy |
|
Use data analytics to improve our website, products/services, marketing, customer relationships and experiences |
(E) Technical (G) Usage |
(X) Legitimate (Z) Consent |
Our products/services use software to create heatmaps and session recordings as direct input to our development cycle. We use the Clarity as tool which is a Microsoft tool and resides under their Privacy Policy.
Read the Service Provider Microsoft’s Privacy Policy here: https://privacy.microsoft.com/en-us/privacystatement |
|
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you |
(A) Identity (B) Contact (E) Technical (F) Profile (G) Usage
(H) Marketing and Communications |
(X) Legitimate (Z) Consent |
Our website and services use cookies to improve your experience with the website.
Read more about our cookie policy here: https://seculyze.com/legal/cookie-policy/ |
|
Support through chat on website and product |
(A) Identity (B) Contact |
(Z) Consent |
We have a support chat that is anonymous. You can get follow-up mails and transcripts, but it requires a mail that you voluntarily can add. Our service is created with the Service Provider Hubspot (www.hubspot.com).
Hubspot Privacy Policy: https://legal.hubspot.com/privacy-policy |
|
Showing a testimonial |
(A) Identity (B) Contact |
(Z) Consent |
After your explicit consent, we might post your name along with your testimonial based. If you wish to update or delete your testimonial, you can contact us at the mail shown in section 2 “Who is the Data Owner” |
|
Receive unsolicited job applications |
(A) Identity (B) Contact |
(Z) Consent |
If you have sent an unsolicited application by mail, HR will immediately assess whether your application is relevant, and then delete your information again if there is no match. |
|
Applying for a job |
(A) Identity (B) Contact |
(X) Legitimate
(Z) Consent |
We only advertise jobs through the Service Provider The Hub (www.thehub.io). The Hub requires that you are registered as user in order to apply for a job. Data processing therefore follows the Privacy Policy from The Hub.
If you have sent an application for an advertised job, we will dispose of your application in the event that you are not hired, and immediately after the right candidate has been found for the job.
If you are part of a recruitment process and/or hired for the job, we will give you separate information about how we process your personal data in this connection.
Read the Service Provicer The Hub’s Privacy Policy here: https://thehub.io/privacy-policy |
5 Sharing of the Collected Information
5.1 Third-Party Service Providers
We share information, including personal information, with our third-party service providers that we use to provide hosting for and maintenance of our Websites and Services, application development, backup, storage, payment processing, marketing, analytics, and other services for us. These third-party service providers may have access to or process your personal information for the purpose of providing these services for us. We do not permit our third-party service providers to use the personal information that we share with them for any other purpose than in connection with the services they provide to us. We have entered into data processor agreements with all of our data processors.
5.2 Compliance with Laws and Law Enforcement Requests; Protection of Our Rights
In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may disclose personal information to establish or exercise our legal rights or defend against legal claims. We may also share such information if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms and Conditions, or as otherwise required by law.
5.3 Business Transfers
We may assign or transfer your account and related information and data, including any personal information, to any person or entity that acquires all or substantially all of our business, stock or assets, or with whom we merge. If we do, we will inform them of the requirement to handle your personal information in accordance with this privacy notice.
5.4 Transfer to Third Countries
We will not transfer your personal data to recipients outside EU or EEA unless we have ensured compliance with GDPR Chapter V.
Some of our third-party service providers are established outside the EEA, including in the US so their processing of your personal data will involve a transfer of data outside the EEA. However, to ensure that your personal information receive an adequate level of protection we have ascertained that sufficient safety measures have been implemented to allow for the transfer either by an adequacy decision made by the European Commission or by use of standard contractual clauses approved by the European Commission which give personal data the same protection it has in Europe.
You may request more information on our current data processors established outside the EEA and the safety measures in place to allow for the transfer of personal data– please send your request to us at the mail from section 2 “Who is the Data Controller”
6 Data Retention
We retain the personal information we collect where we have an ongoing legitimate business need to do so. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it.
Identity, Contact, Financial and Transaction Data is saved to demonstrate the agreement we have/have had and for accounting and tax purposes for up to five full fiscal years after the expiry of the year in which you or the organization you represent cancel the Service Account.
Your consent to receive e-marketing will be saved. We will stop sending you e-marketing when you withdraw your consent.
Technical and Usage Data will be deleted 3 months after you or the organization you represent cancel the Service Account.
Data may be retained for longer period if we are legally obliged to do so, or if retention is necessary to establish, exercise or defend legal claims.
7 Your Data Protection Rights under the General Data Protection Regulation (GDPR)
If you are a resident of the European Economic Area (EEA), you have certain data protection rights:
The right to access – You have the right to request copies of your personal data. We may charge you a small fee for this service.
The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request us to complete the information you believe is incomplete.
The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
If you make a request, we have one month to respond to you. We may ask you to verify your identity before responding to requests. If you would like to exercise any of these rights, please contact us at email detailed in the “Who is the Data Controller” section of this Policy.
You have the right to file complaints to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).
8 Changes to this Policy and Notifications
The Privacy Policy changes from time to time. When We make material changes to the Policy, we will provide You with appropriate notice depending on your scope:
Only web access: Force users to (re)consider consent when entering the website.
Newsletter sign-up: A mail is sent to everyone that on the newsletter list.
Application access: A notification will be shown in the notification module.