What personal data is collected?
In order to deliver our services to our clients, website visitors, conference attendees, job applicants and other obligations under contracts, Secura gathers personal data. This includes:
- Basic data: initials, last name, position of the person, company address. These data are provided by you with your consent.
- Contact data: mobile phone number, business email address of the related person(s) of procurement, the involved Client (IT) department or other persons working at Clients involved by the preparation, organization and performance of the assignment. These data are provided by you upon your consent.
- Marketing data: to keep prospect-, previous- and active clients informed about our services and to share our knowledge we use basic data and contact data to send newsletters, white papers invitations for events, trainings, workshops and conferences. We collect these personal data with your consent (by mail you will be given the opportunity to opt –in to receive the information) and the data are provided by you. We do not buy client data and process these as we feel that building customer relations is upon mutual respect, trust and the aim to provide our services to strengthen your data protection.
- Job Application data: CV’s, address and contact details.
- Contract, proposal data, project data containing personal data: Client representing individuals by name, position, signature, procurement details, initials, escalation & services contacts.
- Visitor data: first name, last name, employer, type of ID checked, time in the office, time of leaving office, CCTV images of the offices for personal safety and safety of employees.
Purpose of processing
The processing of personal data (including business data that refers to a natural person) is necessary for doing business with customers, the preparation and/or performance of our services and related invoicing and therefore necessary for the execution of contracts.
We share our knowledge with parties who are interested in receiving whitepapers, blogs, articles by social media (LinkedIn, Twitter, Facebook), mailings, newsletters, visiting our website or registering for our annual Black Hat Sessions conference, sign up for a workshop, following a training or wish to gain information about our services. The personal data needed to share our knowledge with you is provided by you on opt –in basis with your consent.
We register your visitor data for security reasons. In case of an incident we need to know who was in the building at the time of the incident, the data in that situation is necessary for the establishment, exercise or defence of legal claims.
Processing by whom
Data is processed by Secura and various sub processors. The Sub Processors/Controllers that receive client data for further processing are:
- business partners:
- companies that partner in mutual service related projects and assignments that process client data for the performance of the contract;
- companies that sponsor our Black Hat Sessions (BHS) conference and who ask us (with your consent) to provide marketing data to them.
- suppliers (marketing support, BHS conference support);
- accounting & tax service provider that receive client data as a sub processor/controller;
- government institutions: for legal/tax obligations.
Storage (including registration of processing)
Your data are registered and stored in our CRM system and on our own servers which are located in the Netherlands.
- All client data, stored on servers, laptops and other data carriers will be encrypted (AES128 or stronger).
- Back-ups of client data will also be encrypted.
- Secura has an information security policy and strictly guards that employees live up to this policy.
- Secura has taken extensive security measures to secure the part of its IT infrastructure that is connected to the internet, as should be expected of us. Also all internal e-mail and - if supported by the counterparty’s mail server - external e-mail will be sent via a TLS-connection.
- Financial data will be stored for 7 years according to legal obligations.
- Job Applicant data will be stored for 5 years, or longer if the applicant still works for Secura (in that case it is part of the employee dossier)
- Marketing data is kept up to date and stored in a separate system on servers in The Netherlands.
- Visitor data will be stored for 3 months and then destroyed, unless necessary for the establishment, exercise or defence of legal processes. The data used will be stored and processed until the legal processes are ended.
If you would like to learn more about the processing of your personal data and your individual rights, please do not hesitate to contact our legal councel: firstname.lastname@example.org.