Lupasafe Privacy Statement v1.3

Purpose of Data Processing

Lupasafe provides insight into cyber risks using advanced technology and ethical hacking. We ensure that your personal data is handled confidentially and processed in compliance with the General Data Protection Regulation (GDPR). Your personal data may be processed for the following purposes:

1. To conclude and execute an agreement
2. To provide services, products, and information, either digitally or on paper
3. To invoice for paid services/products
4. To send user information, service messages, and other non-commercial notifications
5. To comply with legal and regulatory requirements, including audits

GDPR Compliance

Lupasafe is committed to GDPR compliance. We collect only necessary data and process it with care, giving you full control over your information, including rights to access, correct, and request deletion. Your personal data is processed based on your consent or legitimate interests where applicable. Our privacy practices are designed to protect your data, and we continuously update our security measures. Data is stored and processed within the EU, primarily at a Microsoft Azure data center in Amsterdam, Netherlands.

Data Collection

• Customers: When conducting business, we collect necessary personal data from customers, representatives, contacts, and employees, including email addresses, business phone numbers, and company addresses.
• User Platform Lupasafe: The required data includes:
  • Name
  • Email address
  • IP address

If Lupasafe software is installed, additional data may be processed based on usage.

Access to Your Data

Only authorized Lupasafe employees can access your personal data, and your employer has dashboard access for insights into cyber risks. Contact your employer to know who has dashboard access.

Data Copying Prohibition

Lupasafe guarantees no unauthorized data copying occurs. All interactions between endpoints and Lupasafe servers are logged and monitored.

Retention Periods

• Customers: Data is retained for two years post-relationship termination.
• User Platform: Data is retained for as long as your employer is a Lupasafe customer. Post-contract, data is deleted after 12 months unless agreed otherwise.

Grounds for Data Processing

Data is processed based on two GDPR bases:

1. Execution of Agreement: Necessary data, like name and payment details, for service provision and billing.
2. Legitimate Interest: To notify customers if their usernames/passwords are publicly available following data breaches.

Suppliers

We place high demands on our suppliers, who process data only on our behalf. Relevant suppliers include:

• Microsoft Azure (Amsterdam): Hosting with ISO and NEN certifications.

Exercising Your Privacy Rights

You can contact us by email, phone, or mail to exercise your rights:

Cookies

Lupasafe uses technical/functional cookies for website functionality and user convenience. Our cookies are essential for the website's functionality and aim to improve your experience by remembering settings and optimizing our content. You can disable cookies through your browser. We also use Hubspot and Google for tracking.

Data Protection

Lupasafe follows strict protocols to protect your data, such as encryption and access control. Our security framework aligns with:

• ISO 27001
• NEN 7510
• Cyber Essentials Standard

Data Processing Outside the EU

Lupasafe primarily processes data within the EU but ensures appropriate protections if data transfer outside the EU is required.

Insurance

Lupasafe maintains stringent data security protocols to prevent unauthorized access or breaches. Our insurance coverage supports legal claims and consultancy in cybersecurity incidents, although in-house expertise primarily manages these situations.

Final Note

We may update this privacy statement. The latest version is available on our website. If you have any concerns or complaints, please contact support@lupasafe.com.