Skip to the main content.

Privacy Policy

1.0 General

1.1  This website is operated by Binalyze OÜ (“we” or “us”) that provides forensics solutions (“Service”) to individuals and companies as its clients. We recognize the importance of your privacy and are committed to protecting your personal data. This privacy notice (“Notice”) explains the principles on how we collect and use information when you visit the website https://binalyze.com/ („Website“), subscribe to our newsletter, you or the legal entity you work at or represent wishes to conclude a contract with us or receive our products through our distributor, requests for a demo or a free trial of our products, or take any other actions on our Website, which entail us receiving and processing your personal data.

1.2  For the purposes of providing the Service, we may access information about evidence types that can be broadly categorised as system, disk, memory, browser, NTFS, registry, network, event logs, WMI, process execution and other evidence, and artefacts that can be broadly categorised as server, Microsoft applications, communications, social, productivity, utilities, developer tools and cloud artefacts. Regarding data, which we access due to the provision of the Service, we act as a data processor and the processing of such data is governed by the data processing agreement concluded with our client, i.e you or the legal entity you work at or represent as a data controller. The data controller is responsible for such processing and is obliged to provide you information about such data processing.

1.3  We process your personal data as described in this Notice and in accordance with applicable legislation, including the European Union’s General Data Protection Regulation (2016/679) and the national data protection laws of the Republic of Estonia, as applicable towards the personal data controller stated in Section 2 of this Notice.

1.4  In case you disclose any personal data regarding any third person(s) (e.g. your employee, management board member, co-worker, etc.) to us, you are obligated to refer them to this Notice.

2.0 Personal Data Controller

2.1  For the personal data processing purposes brought out in Section 4 of this Notice, the controller of your personal data is:

Binalyze OÜ
Registry code: 14434021
Address: Narva mnt 5, 10117, Tallinn, Estonia
E-mail: contact@binalyze.com

2.2  In case of personal data protection-related inquiries, please contact our nominated Data Privacy Officer by writing to: privacy@binalyze.com.

3.0 Categories and Sources of Personal Data

3.1  Personal data are information that can be used to directly or indirectly uniquely identify, contact, or locate you as a private individual (“Personal Data”). The source of the collected Personal Data depends on how you interact with us. We may obtain and process the following categories of Personal Data:

3.1.1  Main data: name, e-mail address, phone number, legal entity’s name (“Main Data”).
Source: Personal Data you directly provide to us upon submitting your information via the Website.

3.1.2  For concluding and managing our contractual relationship, we process the following data: Main Data, Communication Data, payment details such as debit/credit card number, billing address. If you represent a legal entity, we additionally collect the legal entity’s name, registry code, and job title (“Contract Data”).
Source: Personal Data you directly provide to us or Personal Data provided to us by the legal entity you represent.

3.1.3  If you interact with us via the Website, live chat, or e-mails, we process the following Personal Data: Main Data, Contract Data, contents of your message. Additionally, we may supplement the Personal Data that you have provided to us directly with information that has been obtained from publicly available resources and registrars („Communication Data“).
Source: Personal Data you directly provide to us upon contacting us and the information we have obtained from publicly available resources, such as LinkedIn and HubSpot, and registrars, such as country-specific commercial registrars.

3.1.4  Upon visiting the Website, our server processes the following data: IP address, access-provider, referring and exit URL, date, time, access tokens, session key, browser type and version, operating system, your navigation on the Website, amount and state of transferred data (“Technical Data”).
Source: While you are browsing through the Website, the Website itself generates or collects the Technical Data from your device automatically.

3.1.5  When using the Service, we process the following data, which may include your Personal Data: licence ID, user ID, user role, action made in the product, attributes of that action, error logs with the associated ID (“Usage Data”).
Source: While you are using the Service, the product infrastructure itself generates or automatically collects the Usage Data.

3.1.6  Cookie data. We implement cookies on the Website, for optimising the Website and its functionalities. The cookies may collect your Personal Data. For further information on the purposes and functions of the cookies, please see our cookie notice.

3.2  If you do not provide the required information, we may not be able to provide you with our products, contact you or fulfill any other purposes provided in Section 4 of this Notice.

4.0 Legal basis and purposes for processing the Personal Data

4.1  Our legal basis to process your Personal Data depends on the objective and context in which we collect the Personal Data. The following depicts a descriptive list of processing purposes that are linked to the specific data categories and legal basis for processing:

Processing purpose

Legal basis for the processing purpose

Personal Data used for the processing purpose

Handling pre-contractual negotiations and communications, concluding of the contract and managing the contractual relationship

If you as a natural person wish to become or are already our client or partner and the enquiry or request is related to your potential or ongoing customer or partnering relationship with us, the legal basis is taking and implementing the pre-contractual measures of the contract or performing the contract concluded between us

If you as a representative of legal entity, who wishes to become or is already our client or partner and the enquiry or request is related to the legal entity’s potential or ongoing customer or partnering relationship with us, the legal basis is our legitimate interest in taking and implementing the pre-contractual measures of a contract or performing the contract concluded between the legal entity and us

Main Data, Communication Data

Responding to your enquiries and requests submitted via the Website, live chat, or e-mail, including submissions regarding partnership and receiving a demo

Our legitimate interest in ensuring effective relations management with potential customers, partners and interested parties

If you as a natural person wish to become or are already our client or partner and the enquiry or request is related to your potential or ongoing customer or partnering relationship with us, the legal basis is taking and implementing the pre-contractual measures of the contract or performing the contract concluded between us

If you as a representative of legal entity, who wishes to become or is already our client or partner and the enquiry or request is related to the legal entity’s potential or ongoing customer or partnering relationship with us, the legal basis is our legitimate interest in taking and implementing the pre-contractual measures of a contract or performing the contract concluded between the legal entity and us.

Main Data, Communication Data, Contract Data

Performing the contract by delivering the purchased products (including providing you with free trial of our product), contacting you regarding the purchased products

If the purchase is submitted by a natural person, the legal basis is performance of contract concluded between us

If the purchase is submitted by a legal entity, the legal basis is our legitimate interest in performing the contract concluded between the legal entity and us

Main Data, Contract Data, Communication Data

Gathering information about you from publicly available resources and registrars for the purposes of creating client segments and customising the information we provide to you about our business

Our legitimate interest in ensuring effective relations management with potential customers, partners and interested parties

Communication Data

Sending newsletters and other marketing information regarding us and our business via e-mail

Consent given upon subscribing to our newsletter

Main Data, Communications Data

Administering newsletter subscription list

Our legitimate interest in ensuring valid legal basis for sending newsletters and recording given and withdrawn consents (subscriptions)

Main Data

Diagnosing and repairing problems with the Website

Our legitimate interest in providing data security and preventing fraudulent actions related to the Website; ensuring the functioning of the Website

Technical Data

Making available the basic functions of the Website and administering the Website, including gathering information about visitor’s navigation on the Website

Our legitimate interest in providing the Website and understanding use patterns of the Website to be able to better the Website and enhance the user experience

Technical Data

Insurance and Risk Management

Our legitimate interest is to process personal data where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks and/or obtaining professional advice.

Usage Data

Analysing the use of our products

Our legitimate interests in improving, upgrading, and enhancing our products

Usage Data

Data exchange with our distributors and co-operation partners for facilitating the provision of our products

Our mutual legitimate interest in providing you with our product through our distributor or co-operation partner

Main Data, Contract Data

Storing information containing Personal Data in our backup systems

Our legitimate interest in ensuring continuity and security of data processing operations

All data categories named in Section 3.1

Disclosing data to our service providers or law enforcement and supervisory authorities

Our legitimate interest in utilising the information technology infrastructure and services provided by our service providers or performance of our legal obligation

All data categories named in Section 3.1

Intra-group data disclosures and transfers

Our legitimate interest in utilising common technical infrastructure and performing internal administrative tasks

All data categories named in Section 3.1

Arrange the sale or merger of our company and provide information for conducting the legal or other audit and the data exchange thereof

Our legitimate interest in facilitating proper due diligence process and business continuity by ensuring a successful merger, acquisition or restructuring of the company

All data categories named in Section 3.1

Establishment, exercise, or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure in relation to our, our users’ or employees’ rights

Our legitimate interest in facilitating effective establishment, exercise, or defence of legal claims

All data categories named in Section 3.1

Processing purpose

Legal basis for the processing purpose

Personal Data used for the processing purpose

Handling pre-contractual negotiations and communications, concluding of the contract and managing the contractual relationship

If you as a natural person wish to become or are already our client or partner and the enquiry or request is related to your potential or ongoing customer or partnering relationship with us, the legal basis is taking and implementing the pre-contractual measures of the contract or performing the contract concluded between us

If you as a representative of legal entity, who wishes to become or is already our client or partner and the enquiry or request is related to the legal entity’s potential or ongoing customer or partnering relationship with us, the legal basis is our legitimate interest in taking and implementing the pre-contractual measures of a contract or performing the contract concluded between the legal entity and us

Main Data, Communication Data

Responding to your enquiries and requests submitted via the Website, live chat, or e-mail, including submissions regarding partnership and receiving a demo

Our legitimate interest in ensuring effective relations management with potential customers, partners and interested parties

If you as a natural person wish to become or are already our client or partner and the enquiry or request is related to your potential or ongoing customer or partnering relationship with us, the legal basis is taking and implementing the pre-contractual measures of the contract or performing the contract concluded between us

If you as a representative of legal entity, who wishes to become or is already our client or partner and the enquiry or request is related to the legal entity’s potential or ongoing customer or partnering relationship with us, the legal basis is our legitimate interest in taking and implementing the pre-contractual measures of a contract or performing the contract concluded between the legal entity and us.

Main Data, Communication Data, Contract Data

Performing the contract by delivering the purchased products (including providing you with free trial of our product), contacting you regarding the purchased products

If the purchase is submitted by a natural person, the legal basis is performance of contract concluded between us

If the purchase is submitted by a legal entity, the legal basis is our legitimate interest in performing the contract concluded between the legal entity and us

Main Data, Contract Data, Communication Data

Gathering information about you from publicly available resources and registrars for the purposes of creating client segments and customising the information we provide to you about our business

Our legitimate interest in ensuring effective relations management with potential customers, partners and interested parties

Communication Data

Sending newsletters and other marketing information regarding us and our business via e-mail

Consent given upon subscribing to our newsletter

Main Data, Communications Data

Administering newsletter subscription list

Our legitimate interest in ensuring valid legal basis for sending newsletters and recording given and withdrawn consents (subscriptions)

Main Data

Diagnosing and repairing problems with the Website

Our legitimate interest in providing data security and preventing fraudulent actions related to the Website; ensuring the functioning of the Website

Technical Data

Making available the basic functions of the Website and administering the Website, including gathering information about visitor’s navigation on the Website

Our legitimate interest in providing the Website and understanding use patterns of the Website to be able to better the Website and enhance the user experience

Technical Data

Insurance and Risk Management

Our legitimate interest is to process personal data where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks and/or obtaining professional advice.

Usage Data

Analysing the use of our products

Our legitimate interests in improving, upgrading, and enhancing our products

Usage Data

Data exchange with our distributors and co-operation partners for facilitating the provision of our products

Our mutual legitimate interest in providing you with our product through our distributor or co-operation partner

Main Data, Contract Data

Storing information containing Personal Data in our backup systems

Our legitimate interest in ensuring continuity and security of data processing operations

All data categories named in Section 3.1

Disclosing data to our service providers or law enforcement and supervisory authorities

Our legitimate interest in utilising the information technology infrastructure and services provided by our service providers or performance of our legal obligation

All data categories named in Section 3.1

Intra-group data disclosures and transfers

Our legitimate interest in utilising common technical infrastructure and performing internal administrative tasks

All data categories named in Section 3.1

Arrange the sale or merger of our company and provide information for conducting the legal or other audit and the data exchange thereof

Our legitimate interest in facilitating proper due diligence process and business continuity by ensuring a successful merger, acquisition or restructuring of the company

All data categories named in Section 3.1

Establishment, exercise, or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure in relation to our, our users’ or employees’ rights

Our legitimate interest in facilitating effective establishment, exercise, or defence of legal claims

All data categories named in Section 3.1

4.2 We may process your Personal Data for other purposes, provided that we disclose the purposes and use to you at the relevant time, and that you either consent to the proposed use of the Personal Data, other legal grounds exist for the new processing purposes or the new purpose is compatible with the original purpose brought out above.

5.0 Personal Data retention period

5.1  Your Personal Data shall be stored insofar as reasonably necessary to attain the objectives stated in Section 4 of this Notice, or until the legal obligation stipulates that we do so. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the processing purposes and whether we can achieve these purposes through other means, and applicable statutory obligations. Whilst retaining the Personal Data, we take into account the viable need to resolve disputes and enforce the contract between us or anonymize your Personal Data and retain this anonymized information indefinitely.

5.2  Main Data and Contract Data, which are related to transactions, will be retained for 7 years as of the end of the financial year the transaction was recorded in our accounting ledgers.

5.3  In case the legal basis for processing your Personal Data is consent and you decide to withdraw the consent, we will stop processing Personal Data for the previously communicated purpose, however, we will retain a note regarding your withdrawal for the purposes of administering your decision and our data processing activities at least for a period of 1 year.

5.4  After the expiry of the retention period determined in accordance with Section 5 of this Notice or the termination of the legal basis for processing purpose, we may retain the materials containing the Personal Data in the backup systems, from which the corresponding materials will be deleted after the end of the backup cycle. We ensure that during the backup period appropriate safeguards are applied and the backed-up materials are put beyond the use.

6.0 Sharing your personal data and data transfers

6.1  We disclose your Personal Data to third parties only in accordance with this Notice to recipients who have undertaken to observe confidentiality or are subject to statutory confidentiality. Your Personal Data will be disclosed to our employees who due to their duties have the necessity to process your Personal Data.

6.2  Only if necessary, for fulfilling our statutory or contractual obligations, we may disclose your Personal Data to the following recipients:

Type of the recipient

Purpose of disclosure

Law enforcement and supervisory authorities

We disclose your Personal Data to law enforcement and supervisory authorities only if we are under a duty to disclose or share these data in order to comply with legal obligations (for example, if required to do so under applicable law, by a court order or for the purposes of prevention of fraud or other crime)

Professional advisors (legal advisors, accounting, auditors etc)

In case not operating as data processors, conducting and supporting our regular business activities

Providers of support services related to fulfilling the contract

For the purposes of performing our obligation related to the fulfilment of the contract we may disclose Personal Data to support service providers, such as payment service providers

IT-service providers

In case not acting as data processor, providing IT solutions necessary for daily business functions

Distributors and co-operation partners

Facilitating the provision of our products through our distributor or co-operation partner

Group entities

Utilising common technical infrastructure and performing internal administrative tasks

Potential business acquirers, investors, and business transferee(s)

If necessary and required for successfully transferring our business or for the purposes of mergers and acquisitions, your Personal Data may be disclosed to the specified acquirers and their representatives and / or legal counsels

Type of the recipient

Purpose of disclosure

Law enforcement and supervisory authorities

We disclose your Personal Data to law enforcement and supervisory authorities only if we are under a duty to disclose or share these data in order to comply with legal obligations (for example, if required to do so under applicable law, by a court order or for the purposes of prevention of fraud or other crime)

Professional advisors (legal advisors, accounting, auditors etc)

In case not operating as data processors, conducting and supporting our regular business activities

Providers of support services related to fulfilling the contract

For the purposes of performing our obligation related to the fulfilment of the contract we may disclose Personal Data to support service providers, such as payment service providers

IT-service providers

In case not acting as data processor, providing IT solutions necessary for daily business functions

Distributors and co-operation partners

Facilitating the provision of our products through our distributor or co-operation partner

Group entities

Utilising common technical infrastructure and performing internal administrative tasks

Potential business acquirers, investors, and business transferee(s)

If necessary and required for successfully transferring our business or for the purposes of mergers and acquisitions, your Personal Data may be disclosed to the specified acquirers and their representatives and / or legal counsels

6.3  In addition to the data recipients brought out in Section 6.2 of the Notice, we may disclose Personal Data to third-party service providers who act as data processors and may operate the technical infrastructure that we need to host, store, manage and maintain the daily business. The following depicts the main categories with examples of our authorized processors, their location, and reason for processing:

Category of the authorised processor

Processing purpose

Safeguard

Location

Providers of IT-services

Providing IT-solutions necessary for the daily business functions (e.g. Microsoft Azure)

Data processing agreements, standard contractual clauses

World-wide, including the USA

Providers of marketing and customer management software services

Providing analytical insight and marketing tools for bettering daily business functions (e.g. MailChimp, HubSpot)

Data processing agreements, standard contractual clauses

World-wide, including the USA

Category of the authorised processor

Processing purpose

Safeguard

Location

Providers of IT-services

Providing IT-solutions necessary for the daily business functions (e.g. Microsoft Azure)

Data processing agreements, standard contractual clauses

World-wide, including the USA

Providers of marketing and customer management software services

Providing analytical insight and marketing tools for bettering daily business functions (e.g. MailChimp, HubSpot)

Data processing agreements, standard contractual clauses

World-wide, including the USA

6.4  To ensure that our service providers adhere to adequate data protection standards, we have concluded with all service providers engaged in the processing of Personal Data on our behalf written data processing agreements to ensure compliance with such standards. For service providers located outside the European Union or the European Economic Area (“EU/EEA”), we take special security measures (using EU Standard Contractual Clauses approved by the European Commission) to ensure that a level of protection of Personal Data comparable to that applicable in the EU/EEA is applicable to your Personal Data. We monitor the compliance of our service providers with the above requirements. Upon your request, we will make available further information on the safeguards applied.

7.0 Your rights as a data subject

7.1  We have a legal obligation to ensure that your Personal Data is kept accurate and up to date. We kindly ask you to assist us to comply with this obligation by ensuring that you inform us of any changes that have to be made to any of your Personal Data that we are processing.

7.2  You may, at any time, exercise the following rights with respect to our processing of your Personal Data by contacting us via contact information referred to in this Notice:

7.2.1  Right to access: you have the right to request access to any data that can be considered your Personal Data. This includes the right to be informed on whether we process your Personal Data, what Personal Data categories are being processed by us, and the purpose of our data processing;

7.2.2  Right to rectification: you have the right to request rectification and updating of your Personal Data if you believe that we are processing inaccurate or incomplete Personal Data;

7.2.3  Right to object: you are entitled to object to certain processing of Personal Data, including for example, the processing of your Personal Data for marketing purposes or when we otherwise base our processing of your Personal Data on our legitimate interest;

7.2.4  Right to restrict Personal Data processing: you have the right to request that we restrict the processing of your Personal Data if: (i) you wish to dispute the accuracy of certain Personal Data we are processing, such right applies until we have had the opportunity to satisfy ourselves of the accuracy of the personal data; (ii) we have been processing your Personal Data unlawfully, but you only request the restriction of the use of the Personal Data in question instead of its deletion; (iii) we no longer need the Personal Data for the original purposes of processing, but you still need such Personal Data to assert, exercise or defend against legal claims; (iv) you have objected to our processing of certain of items of your Personal Data until a determination is made whether or not your concerns are outweighed by our legitimate interests in processing your Personal Data;

7.2.5  Right to erasure: you may request your Personal Data to be erased if the Personal Data is no longer necessary for the purposes for which it was collected, or if you consider that the processing is unlawful, or if you consider that the Personal Data has to be erased to enable us to comply with a legal requirement;

7.2.6  Right to data portability: if your Personal Data is being automatically processed with your consent or on the basis of a mutual contractual relationship, you may request that we provide you that Personal Data in a structured, commonly used and machine-readable format. Moreover, you may request that the Personal Data is transmitted to another controller. Bear in mind that the latter can only be done if that is technically feasible;

7.2.7 Right to withdraw your consent: in cases where the processing is based on your consent, you have the right to withdraw your consent to such processing at any time by contacting us or using relevant tools provided on the Website;

7.2.8  Right to contact the supervisory authority: if you are not satisfied with our response to your request in relation to Personal Data or you believe we are processing your Personal Data not in accordance with the law, you can lodge your complaint with the Estonian Data Protection Inspectorate (in Estonian Andmekaitse Inspektsioon) at info@aki.ee (https://www.aki.ee/).

7.3  Please note that prior to answering your request, we may ask you to provide additional information for the purposes of authenticating you and evaluating your request regarding your rights brought out in Section 7.2 of the Notice.

8.0 Amendments to this notice

8.1  This Notice may be amended or modified from time to time to reflect changes in the way we process Personal Data and, in such case, the most recent version of the Notice will appear on this page. Please check back periodically, and especially before you provide any new personally identifiable information.

Version: June 2022


Binalyze AIR Guide

Download our DFIR Guide and learn more how you can elevate your incident response processes.

DOWNLOAD NOW