1) Data We Collect
We may collect and process the following categories of personal data:
Personal Identification Information
- Name, email address, phone number, and company information provided when contacting us
- Account credentials and profile information for our services
- Billing and payment information (processed by third-party payment providers)
- Communication records and support requests
Technical Data
- IP addresses, browser type and version, operating system
- Device identifiers and technical specifications
- Network and connection information
- Security and authentication logs
Usage Data
- Website and service usage patterns
- Feature interaction and performance analytics
- Error reports and diagnostic information
- Session duration and user flows
2) How We Use Your Data
We process your personal data for the following purposes:
- Service provision: To provide, operate, and maintain our cybersecurity services
- Communication: To respond to inquiries, provide support, and send service updates
- Security and fraud prevention: To protect our services and users from security threats
- Analytics and improvement: To analyze usage patterns and improve our services
- Legal compliance: To comply with applicable laws and regulatory requirements
- Marketing: To send promotional materials (only with your explicit consent)
3) Legal Basis for Processing
We process your personal data based on the following legal grounds under GDPR:
- Art. 6(1)(b) - Contract Performance of contractual obligations and pre-contractual steps
- Art. 6(1)(f) - Legitimate Interests Security, fraud prevention, analytics, and business operations
- Art. 6(1)(a) - Consent Marketing communications and optional analytics (withdrawable at any time)
- Art. 6(1)(c) - Legal Obligation Compliance with applicable laws and regulations
Legitimate Interests Assessment: We have conducted balancing tests to ensure our legitimate interests do not override your fundamental rights and freedoms.
4) Data Sharing & Transfers
We do not sell, trade, or rent your personal data to third parties. We may share data with:
Service Providers & Sub-processors
- Cloud hosting and infrastructure providers
- Payment processors (tokenized data only)
- Email and communication service providers
- Analytics and security monitoring tools
Legal Requirements
- Law enforcement agencies when legally required
- Regulatory authorities for compliance purposes
- Legal proceedings and court orders
All third parties are bound by contractual obligations to protect your data in accordance with GDPR requirements.
5) International Transfers
When we transfer your personal data outside the European Economic Area (EEA), United Kingdom, or Switzerland, we ensure appropriate safeguards are in place:
- Adequacy Decisions: Transfers to countries with adequate data protection levels
- Standard Contractual Clauses (SCCs): EU Commission approved contractual safeguards
- Binding Corporate Rules: For transfers within multinational organizations
- Certification schemes: Recognized data protection certifications
We do not rely on frameworks that have been invalidated by EU courts (such as Privacy Shield).
6) Your Rights Under GDPR
As a data subject, you have the following rights regarding your personal data:
Art. 15 Access
Request a copy of the personal data we hold about you
Art. 16 Rectification
Request correction of inaccurate or incomplete data
Art. 17 Erasure
Request deletion of your personal data under certain conditions
Art. 18 Restriction
Request limitation of processing in specific circumstances
Art. 20 Portability
Request transfer of your data to another service provider
Art. 21 Objection
Object to processing based on legitimate interests or direct marketing
Art. 7(3) Withdraw Consent
Withdraw consent for processing based on consent at any time
To exercise these rights, contact us at privacy@raptorcybersecurity.com. We will respond within one month and may request identity verification.
7) Data Retention
We retain personal data only as long as necessary for the purposes outlined in this policy:
- Account data: Duration of service relationship plus 7 years for legal obligations
- Marketing data: Until consent is withdrawn or objection is raised
- Analytics data: Aggregated and anonymized after 26 months
- Security logs: Up to 2 years for incident investigation and prevention
- Legal compliance data: As required by applicable laws and regulations
8) Data Security
We implement appropriate technical and organizational measures to protect your personal data:
- Encryption: Data encrypted in transit and at rest using industry standards
- Access controls: Role-based access with multi-factor authentication
- Network security: Firewalls, intrusion detection, and monitoring systems
- Staff training: Regular data protection and security awareness programs
- Incident response: Procedures for detecting, reporting, and responding to breaches
- Regular audits: Periodic security assessments and compliance reviews
9) Cookies & Tracking
We use cookies and similar technologies in accordance with GDPR requirements. See our Cookie Policy for detailed information about:
- Types of cookies we use and their purposes
- How to manage cookie preferences
- Third-party cookies and tracking technologies
- Your consent rights and withdrawal options
10) Supervisory Authority
You have the right to lodge a complaint with a supervisory authority if you believe we have violated your data protection rights:
- EU residents: Your national data protection authority
- UK residents: Information Commissioner's Office (ICO)
- Swiss residents: Federal Data Protection and Information Commissioner (FDPIC)
However, we encourage you to contact us first so we can address your concerns directly.
11) Changes to This Policy
We may update this GDPR Policy to reflect changes in our practices, services, or legal requirements. Material changes will be communicated through:
- Prominent notice on our website
- Email notification to registered users
- In-service notifications where applicable
Continued use of our services after changes become effective constitutes acceptance of the updated policy.