Online Privacy Notice
1.1 This website is operated by Binalyze OÜ (“we” or “us”) that provides forensics solutions (“Service”) to individuals and companies as its clients. We recognize the importance of your privacy and are committed to protecting your personal data. This privacy notice (“Notice”) explains the principles on how we collect and use information when you visit the website https://binalyze.com/ („Website“), subscribe to our newsletter, you or the legal entity you work at or represent wishes to conclude a contract with us or receive our products through our distributor, requests for a demo or a free trial of our products, or take any other actions on our Website, which entail us receiving and processing your personal data.
1.2 For the purposes of providing the Service, we may access information about evidence types that can be broadly categorized as system, disk, memory, browser, NTFS, registry, network, event logs, WMI, process execution and other evidence, and artefacts that can be broadly categorised as server, Microsoft applications, communications, social, productivity, utilities, developer tools and cloud artefacts. Regarding data, which we access due to the provision of the Service, we act as a data processor and the processing of such data is governed by the data processing agreement concluded with our client, i.e. you or the legal entity you work at or represent as a data controller. The data controller is responsible for such processing and is obliged to provide you information about such data processing.
1.3 We process your personal data as described in this Notice and in accordance with applicable legislation, including the European Union’s General Data Protection Regulation (2016/679) and the national data protection laws of the Republic of Estonia, as applicable towards the personal data controller stated in Section 2 of this Notice.
1.4 In case you disclose any personal data regarding any third person(s) (e.g. your employee, management board member, co-worker, etc.) to us, you are obligated to refer them to this Notice.
2.0 Personal Data Controller
2.1 For the personal data processing purposes brought out in Section 4 of this Notice, the controller of your personal data is:
Registry code: 14434021
Address: Narva mnt 5, 10117, Tallinn, Estonia
2.2 In case of personal data protection-related inquiries, please contact us by writing to: email@example.com.
3.0 Categories and Sources of Personal Data
3.1 Personal data are information that can be used to directly or indirectly uniquely identify, contact, or locate you as a private individual (“Personal Data”). The source of the collected Personal Data depends on how you interact with us. We may obtain and process the following categories of Personal Data:
3.1.1 Main data: name, e-mail address, phone number, legal entity’s name (“Main Data”).
Source: Personal Data you directly provide to us upon submitting your information via the Website.
3.1.2 For concluding and managing our contractual relationship, we process the following data: Main Data, Communication Data, payment details such as debit/credit card number, billing address. If you represent a legal entity, we additionally collect the legal entity’s name, registry code, and job title (“Contract Data”).
Source: Personal Data you directly provide to us or Personal Data provided to us by the legal entity you represent.
3.1.3 If you interact with us via the Website, live chat, or e-mails, we process the following Personal Data: Main Data, Contract Data, contents of your message. Additionally, we may supplement the Personal Data that you have provided to us directly with information that has been obtained from publicly available resources and registrars („Communication Data“).
Source: Personal Data you directly provide to us upon contacting us and the information we have obtained from publicly available resources, such as LinkedIn and HubSpot, and registrars, such as country-specific commercial registrars.
3.1.4 Upon visiting the Website, our server processes the following data: IP address, access-provider, referring and exit URL, date, time, access tokens, session key, browser type and version, operating system, your navigation on the Website, amount and state of transferred data (“Technical Data”).
Source: While you are browsing through the Website, the Website itself generates or collects the Technical Data from your device automatically.
3.1.5 Cookie data. We implement cookies on the Website, for optimizing the Website and its functionalities. The cookies may collect your Personal Data. For further information on the purposes and functions of the cookies, please see our cookie notice.
3.2 If you do not provide the required information, we may not be able to provide you with our products, contact you or fulfill any other purposes provided in Section 4 of this Notice.
4.0 Legal basis and purposes for processing the Personal Data
4.1 Our legal basis to process your Personal Data depends on the objective and context in which we collect the Personal Data. The following depicts a descriptive list of processing purposes that are linked to the specific data categories and legal basis for processing:
5.0 Personal Data retention period
5.1 Your Personal Data shall be stored insofar as reasonably necessary to attain the objectives stated in Section 4 of this Notice, or until the legal obligation stipulates that we do so. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the processing purposes and whether we can achieve these purposes through other means, and applicable statutory obligations. Whilst retaining the Personal Data, we take into account the viable need to resolve disputes and enforce the contract between us or anonymize your Personal Data and retain this anonymized information indefinitely.
5.2 Main Data and Contract Data, which are related to transactions, will be retained for 7 years as of the end of the financial year the transaction was recorded in our accounting ledgers.
5.3 In case the legal basis for processing your Personal Data is consent and you decide to withdraw the consent, we will stop processing Personal Data for the previously communicated purpose, however, we will retain a note regarding your withdrawal for the purposes of administering your decision and our data processing activities at least for a period of 1 year.
5.4 After the expiry of the retention period determined in accordance with Section 5 of this Notice or the termination of the legal basis for processing purpose, we may retain the materials containing the Personal Data in the backup systems, from which the corresponding materials will be deleted after the end of the backup cycle. We ensure that during the backup period appropriate safeguards are applied and the backed-up materials are put beyond the use.
6.0 Sharing your personal data and data transfers
6.1 We disclose your Personal Data to third parties only in accordance with this Notice to recipients who have undertaken to observe confidentiality or are subject to statutory confidentiality. Your Personal Data will be disclosed to our employees who due to their duties have the necessity to process your Personal Data.
6.2 Only if necessary, for fulfilling our statutory or contractual obligations, we may disclose your Personal Data to the following recipients:
6.3 In addition to the data recipients brought out in Section 6.2 of the Notice, we may disclose Personal Data to third-party service providers who act as data processors and may operate the technical infrastructure that we need to host, store, manage and maintain the daily business. The following depicts the main categories with examples of our authorized processors, their location, and reason for processing:
6.4 To ensure that our service providers adhere to adequate data protection standards, we have concluded with all service providers engaged in the processing of Personal Data on our behalf written data processing agreements to ensure compliance with such standards. For service providers located outside the European Union or the European Economic Area (“EU/EEA”), we take special security measures (using EU Standard Contractual Clauses approved by the European Commission) to ensure that a level of protection of Personal Data comparable to that applicable in the EU/EEA is applicable to your Personal Data. We monitor the compliance of our service providers with the above requirements. Upon your request, we will make available further information on the safeguards applied.
7.0 Your rights as a data subject
7.1 We have a legal obligation to ensure that your Personal Data is kept accurate and up to date. We kindly ask you to assist us to comply with this obligation by ensuring that you inform us of any changes that have to be made to any of your Personal Data that we are processing.
7.2 You may, at any time, exercise the following rights with respect to our processing of your Personal Data by contacting us via contact information referred to in this Notice:
7.2.1 Right to access: you have the right to request access to any data that can be considered your Personal Data. This includes the right to be informed on whether we process your Personal Data, what Personal Data categories are being processed by us, and the purpose of our data processing;
7.2.2 Right to rectification: you have the right to request rectification and updating of your Personal Data if you believe that we are processing inaccurate or incomplete Personal Data;
7.2.3 Right to object: you are entitled to object to certain processing of Personal Data, including for example, the processing of your Personal Data for marketing purposes or when we otherwise base our processing of your Personal Data on our legitimate interest;
7.2.4 Right to restrict Personal Data processing: you have the right to request that we restrict the processing of your Personal Data if: (i) you wish to dispute the accuracy of certain Personal Data we are processing, such right applies until we have had the opportunity to satisfy ourselves of the accuracy of the personal data; (ii) we have been processing your Personal Data unlawfully, but you only request the restriction of the use of the Personal Data in question instead of its deletion; (iii) we no longer need the Personal Data for the original purposes of processing, but you still need such Personal Data to assert, exercise or defend against legal claims; (iv) you have objected to our processing of certain of items of your Personal Data until a determination is made whether or not your concerns are outweighed by our legitimate interests in processing your Personal Data;
7.2.5 Right to erasure: you may request your Personal Data to be erased if the Personal Data is no longer necessary for the purposes for which it was collected, or if you consider that the processing is unlawful, or if you consider that the Personal Data has to be erased to enable us to comply with a legal requirement;
7.2.6 Right to data portability: if your Personal Data is being automatically processed with your consent or on the basis of a mutual contractual relationship, you may request that we provide you that Personal Data in a structured, commonly used and machine-readable format. Moreover, you may request that the Personal Data is transmitted to another controller. Bear in mind that the latter can only be done if that is technically feasible;
7.2.7 Right to withdraw your consent: in cases where the processing is based on your consent, you have the right to withdraw your consent to such processing at any time by contacting us through firstname.lastname@example.org
7.2.8 Right to contact the supervisory authority: if you are not satisfied with our response to your request in relation to Personal Data or you believe we are processing your Personal Data not in accordance with the law, you can lodge your complaint with the Estonian Data Protection Inspectorate (in Estonian Andmekaitse Inspektsioon) at email@example.com (https://www.aki.ee/).
7.3 Please note that prior to answering your request, we may ask you to provide additional information for the purposes of authenticating you and evaluating your request regarding your rights brought out in Section 7.2 of the Notice.
8.0 Amendments to this notice
8.1 This Notice may be amended or modified from time to time to reflect changes in the way we process Personal Data and, in such case, the most recent version of the Notice will appear on this page. Please check back periodically, and especially before you provide any new personally identifiable information.
Version: April 2021