Information on the processing of personal data
Sec4good, s.r.o., with its registered office at Myslivečkova 882, 250 92 Šestajovice, ID No.: 17932114, a
company registered in the Commercial Register maintained by the Municipal Court in Prague, Section C,
Insert 378876 (hereinafter referred to as Sec4good), provides two types of services, mainly in the field
of B2B sales support (sales of companies to companies):
- Development and provision of software tools
- Security consulting.
Sec4good works with personal data about natural persons on a marginal basis. At Sec4good, we consider the
protection of privacy and personal data to be of paramount importance and we only handle personal data
in accordance with applicable legislation and often secure data beyond our legal obligations. We take
the liberty of presenting this policy which explains what we do to ensure the confidentiality and
security of personal data. A fundamental principle that Sec4good adheres to when dealing with personal
data is that Sec4good does not share personal data with third parties (unless required to do so by law).
Sec4good collects data about its potential current and past business partners primarily for marketing
purposes.
The purpose of this document is to provide you with information about:
- Who we are
- What personal data we collect
- How we assess the level of risk arising from the processing of personal data
- What we use personal data for
- How we handle personal data and the period for which we store personal data
- From what sources we obtain personal data
- To whom we provide personal data
- Where you can get more information
1. Who we are
Sec4good s.r.o.
with registered office at Myslivečkova 882, 250 92 Šestajovice
IČO: 17932114
company registered in the Commercial Register kept at the Municipal Court in Prague, Section C, Insert
378876
2. What personal data we collect
Sec4good collects the following personal data in the context of business relationships:
- Identification data of business partners: title, name, surname, e-mail, telephone.
- For the analysis of website traffic, we store the IP address, browser language and estimated
location according to geoIP.
- Data on the use of Sec4good tools, if you are a user of our products
3. How we assess the level of risk arising from the processing of personal data
We assess the level of risk arising from Sec4good's processing of personal data as low. In the context of
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the
protection of natural persons with regard to the processing of personal data and on the free movement of
such data, and repealing Directive 95/46/EC (General Data Protection Regulation) ("GDPR"), we do not
identify any services, products or activities of Sec4good posing a "high risk" to the protection of
personal data under Article 76. This assessment is based on the following facts:
- Sec4good stores mainly personal data that is publicly available. Therefore, there can be no
physical, tangible or intangible harm to the data subject under Article 75 caused by the leakage of
such data.
4. For what purposes we use the data
We collect and store personal data for the following purposes:
- Business risk assessment. In order to assess the risk arising from business cooperation
(counterparty risk), it is necessary to clearly identify entities linked by ownership or at the
level of statutory and authorised representatives.
- Direct marketing and data management. Recital 47 of the GDPR states that "Processing of personal
data for direct marketing purposes may be regarded as processing carried out for legitimate
interest". For this purpose, Sec4good collects and processes physical addresses associated with
business activities even if such address is also the residence of the natural person.
- Performance under existing contractual relationships and contractual relationships under
negotiation.
Sec4good does not use personal data for decision-making based solely on automated processing, including
profiling, which has legal effects on the data subject or significantly affects him/her in a similar way
within the meaning of Article 22 of the GDPR.
5. How we handle personal data
We process all personal data with the utmost care and every effort to protect such data, both as a
processor and as a data controller. Among other things, the following measures ensure the protection of
personal data:
- Physical security: all physical servers on which personal data may reside are located in locked
areas, in separate, individually lockable rooms in buildings with 24/7 (24 hours, 7 days a week)
security. Access to these areas is monitored by name-assigned access cards.
- Technological security: all devices on which personal data may reside or through which personal data
may be accessed are secured with at least a username and password and firewall software. Personal
data can only be accessed remotely via an encrypted connection. Some Sec4good tools may contain
small amounts of personal data (e.g. if the user makes a note of it). Access to all Sec4good tools
is therefore protected by a username and password.
- Procedural security:Sec4good has a range of procedural safeguards for personal data. Some of the
most important ones include:
Access to personal data is restricted on a "need to know" basis, i.e. only a narrow range of people
who need it for their work have access to it. A list of these persons is available for inspection at
the Sec4good offices.
- Legal security: all persons with access to personal data have been properly instructed on how to
handle personal data and, conversely, what is inadmissible. All persons with access to personal data
have been made aware of the obligation of confidentiality and have confirmed it by signing.
- Code of Conduct for the handling of personal data: All persons who come into contact with personal
data have been made aware of and understand the Sec4good Code of Conduct for dealing with personal
data. This code is available for inspection at Sec4good headquarters.
We store personal data only for the time necessary to fulfil the purpose of processing. After this
period, the personal data are fully anonymised and used only for statistical evaluation purposes.
Specifically, the following period of time:
- We retain the data for as long as necessary for the purposes of performance under the contract and
for as long as necessary to comply with legal obligations or to protect our rights.
- Data provided on the basis of the data subject's consent will be kept for the period specified in
the consent. If you exercise your right to be forgotten or withdraw the consent given, the data will
of course be kept for a shorter period.
- Data on the use of Sec4good tools for as long as you have been a user of Sec4good tools + 6
months.
6. From which sources we obtain personal data
We obtain personal data from public sources such as commercial, trade and other registers, information
portals, etc. We do not obtain personal data by direct enquiry or other non-public means.
7. To whom we provide personal data
We do not share personal information with any third parties unless required by law.
8. Where you can get more information
For further information, please do not hesitate to contact us at info@sec4good.cz , where we will be
happy to answer your questions both generally and based on your rights under the GDPR, namely:
- Right of access to personal data: you have the right to ask Sec4good to confirm whether your
personal data is actually processed by Sec4good and, if so, you have the right to obtain access to
that personal data and to the specified information. In such case, Sec4good will provide you with a
copy of the personal data processed in the form of an extract from Sec4good's database once per
current year free of charge, otherwise on payment of material costs.
- Right to rectification: you have the right to have inaccurate personal data processed about
you in the Sec4good database corrected without undue delay. You also have the right to have
incomplete personal data completed, including by providing an additional declaration.
- Right to erasure ("right to be forgotten"):you have the right to have your personal data
deleted without undue delay if one of the grounds set out in the General Data Protection Regulation
applies (e.g. because the personal data processed is not necessary for the purposes specified or
because the processing is unlawful).
- Right to restriction of processing: You have the right to have the processing of your
personal data restricted if one of the grounds provided for in the General Data Protection
Regulation (e.g. because of the inaccuracy of the personal data processed or the unlawfulness of its
processing) is applicable.
Please note that the right to data portability, i.e. The right to
obtain personal data (which concerns you and which you have provided to the user) in a structured,
commonly used and machine-readable format and the right to transmit this data to another controller
without the user objecting, is not relevant in view of the nature of the processing of your personal
data in the Sec4good database and we cannot therefore comply with requests concerning data
portability.
- Right to lodge a complaint: if you believe that the processing of your personal data in the
Sec4good database violates the relevant legislation, in particular the General Data Protection
Regulation, you may contact Sec4good with an objection to the processing of your personal data or
with your complaint to the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7,
www.uoou.cz.
We will provide you with the requested information and documents and/or information on the measures taken
without undue delay, but no later than one month from the date of receipt of your request. In some
cases, however, this period may be extended and we will inform you of this. If it is not possible to
comply with your request, we will inform you of this fact and the reasons for it, including information
about your other rights (the right to lodge a complaint and the right to judicial protection).
If necessary, we are entitled to ask you for additional information to confirm your identity in
connection with your request. If we cannot establish your identity, we cannot normally comply with your
request.
You can use your rights free of charge. If the requests made are manifestly unfounded or unreasonable, in
particular because they are repetitive, we may charge you a reasonable fee or we may refuse to comply
with your request.