Privacy Policy
1. Controller Identity & Contact
This Privacy Policy is issued by Legal Notice, acting as Data Controller. For inquiries regarding data processing, please contact: privacy@secureaudit.pro. As a professional GDPR compliance and security auditing service, we are committed to protecting your personal data.
2. Personal Data We Collect
We collect the following categories of personal data:
• Contact Information: Name, email address, telephone number
• Business Information: Company name, VAT/registration number, domain names, URLs
• Professional Role: Job title, position within organization
• Technical Data: IP addresses (processed in anonymized form), browser type, device information
• Communication Records: Messages, inquiries, support requests
Data is collected directly from you when you:
– Request an audit or consultation
– Subscribe to monitoring services
– Contact us via contact forms
– Use our interactive tools and demo
3. Legal Basis for Processing
We process your personal data based on the following legal bases under GDPR Article 6:
• Article 6(1)(a): Consent – when you provide explicit consent for specific processing activities
• Article 6(1)(b): Contractual Necessity – to perform our service contract with you
• Article 6(1)(c): Legal Obligation – to comply with accounting, tax, and data protection laws
• Article 6(1)(f): Legitimate Interests – for direct communication about our services, where your interests override ours
Your data will never be sold to third parties.
4. Purpose of Processing
Personal data is processed for the following purposes:
• Service Delivery: Conducting security audits, vulnerability assessments, and compliance reviews
• Communication: Responding to inquiries, providing service updates, sending technical reports
• Service Improvement: Analyzing usage patterns to enhance our security tools
• Billing: Processing payments, issuing invoices
• Legal Compliance: Maintaining records as required by commercial and tax laws
• Marketing: Sending newsletters or promotional materials (only with your explicit consent)
5. Data Recipients
Your personal data may be shared with:
• Internal Personnel: Authorized employees requiring access for service delivery
• Service Providers: Third-party technical tools (e.g., vulnerability scanners, payment processors) acting as Data Processors under written DPAs
• Legal Authorities: When required by law or to protect our legitimate rights in legal proceedings
• Supervisory Authorities: Data protection authorities upon request or as part of regulatory investigations
All third-party processors are carefully vetted and bound by contractual obligations equivalent to GDPR standards.
6. International Data Transfers
Your personal data is primarily processed within the European Economic Area (EEA). Transfers outside the EEA occur only when:
• Adequate protection is ensured through appropriate safeguards (e.g., Standard Contractual Clauses, Binding Corporate Rules)
• You have given explicit consent to the specific transfer
• The transfer is necessary for performance of a contract
All international transfers comply with GDPR Chapter V requirements. We utilize EU-approved Standard Contractual Clauses for transfers to non-adequate countries.
7. Data Retention Periods
Personal data is retained only as long as necessary:
• Customer Data: 10 years from contract end (accounting/tax obligations)
• Inquiries Not Converted to Customers: 2 years from last contact
• Marketing Communications: Until consent withdrawal
• Technical Logs: 12 months (security and performance monitoring)
• Legal Documents: Required retention periods as specified by law
After retention periods expire, data is securely deleted or anonymized.
8. Your Data Subject Rights
Under GDPR, you have the following rights:
• Right of Access (Art. 15): Obtain confirmation and copy of your personal data
• Right to Rectification (Art. 16): Request correction of inaccurate data
• Right to Erasure (Art. 17): Request deletion when no longer necessary
• Right to Restriction (Art. 18): Limit processing in certain circumstances
• Right to Portability (Art. 20): Receive data in structured, machine-readable format
• Right to Object (Art. 21): Object to processing based on legitimate interests
• Right to Withdraw Consent (Art. 7): Withdraw consent at any time (prospective effect)
• Right to Lodge Complaint (Art. 77): File complaint with supervisory authority
To exercise these rights, contact: privacy@secureaudit.pro
9. Automated Decision-Making
We do not use automated decision-making, including profiling, that produces legal or similarly significant effects. Our security audits and vulnerability assessments are conducted by qualified security professionals. Automated scanning tools provide technical data that is reviewed by human experts.
10. Security Measures
We implement appropriate technical and organizational measures per GDPR Article 32:
• Technical: Encryption at rest and in transit, secure authentication, regular security updates
• Organizational: Access controls, staff training, confidentiality agreements, incident response procedures
• Monitoring: 24/7 intrusion detection, vulnerability scanning, audit logging
Despite these measures, please be aware that no internet transmission is completely secure.
11. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices, legal requirements, or service offerings. We will notify you of material changes via:
• Email to registered users
• Prominent notice on our website
• Updated "Last Updated" date
Continued use of our services after changes constitutes acceptance.
12. Contact Information
For any questions regarding this Privacy Policy or your personal data:
Email: privacy@secureaudit.pro
Postal: Legal Notice
Supervisory Authority: Data Protection Commissioner (Ireland) or your local DPA
You also have the right to lodge a complaint with your local data protection supervisory authority.
13. Cookie Policy
We use the following categories of cookies and similar technologies:
• Essential: Required for site functionality (authentication, security)
• Analytical: Anonymous usage statistics (optional, with consent)
• Marketing: Personalized content (optional, with consent)
Cookie settings can be managed via our cookie banner. For detailed cookie information, see our Cookie Management interface.