Digital security is our core business. CTOtech.Cybersecurity offers various security services to clients and provides IT-advisory and IT-audit related services. We help our clients to gain insight into their security. Fulfilling this role in society as a trusted advisor, means that CTOtech.Cybersecurity is responsible for personal data of customers and its own employees. The data we work with not only contains business related personal data but also direct personal data. We strive for a high level of protection of the data we work with. This requires an information security management system (ISMS) with state-of-the-art information technology. We operate with well-defined and described, continuously updated processes, managed by employees that have a high level of security awareness.

If you are providing personal data to CTOtech.Cybersecurity from (prospect) client , supplier, or applicant perspective or just visiting our website, we process your data according to the 7 principles of GDPR:

  • Lawfulness, fairness and transparency of processing your data: we inform you about how your personal data will be processed and on what grounds, how your individual rights are guaranteed;
  • Purpose limitation: we collect and process your data for specified purposes directly connected to our business only;
  • Data minimisation and proportionality: we only process data that is necessary for the performance of our services by means that are proportionate as we work with the policy that less data is more secure;
  • Accuracy: with your support we work with complete and accurate personal data;
  • Storage limitation: we store our data within the EU and store only data that is either necessary for performance of our business or obliged by law;
  • Integrity and confidentiality: we protect your data with our security systems that protect our own data as well;
  • Accountability: we feel responsible for your data and act accordingly.

As we do care about your privacy we do care about your individual rights as well.

Right to access your data:

We allow you to check the accuracy and lawfulness of processing by informing you about:

  • The source of the personal data;
  • Provide you with information about the processing of your personal data;
  • Provide you upon request with a copy of your data.

Right to rectification of your personal data:

  • You are invited to correct the inaccurate data;
  • You are entitled to object to processing of your personal data based upon legitimate interest.

Right to restrict processing of your personal data if:

  • There is any unclear situation regarding the accuracy of your personal data;
  • You object to processing and we are in the process of verifying whether the legitimate grounds should override your individual rights and freedoms;
  • There are any doubts to the lawfulness of processing your personal data and you prefer to restrict the processing rather than to erase the data;
  • If we no longer need your data but you request to require the personal data for the establishment, exercise or defense of legal claims.

We will inform you at all times about the restriction request and if at hand, our decision to lift of the restriction and the possibility to object to this decision.

Right to erasure:

  • We will erase your personal data if they are no longer necessary for the purpose of processing. We will inform you prior the erasure of your data;
  • We erase your personal data if you withdraw your consent for the processing and there is no other ground for processing.

Right to data portability:

If your personal data is processed automatically and on the basis of your consent or the performance of a contract, you have the right to request your data to be send to you, an other controller or trusted third party as long as this does not adversely interfere with the rights and freedoms of others.

 

Personal Data

In order to deliver our services to our clients, website visitors, conference attendees, job applicants and other obligations under contracts, CTOtech.cybersecurity gathers personal data. This includes:

  • Basic data: initials, last name, position of the person, company address. These data are provided by you with your consent.
  • Contact data: mobile phone number, business email address of the related person(s) of procurement, the involved Client (IT) department or other persons working at Clients involved by the preparation, organization and performance of the assignment. These data are provided by you upon your consent.
  • Marketing data: to keep prospect-, previous- and active clients informed about our services and to share our knowledge we use basic data and contact data to send newsletters, white papers invitations for events, trainings, workshops and conferences. We collect these personal data with your consent (by mail you will be given the opportunity to opt –in to receive the information) and the data are provided by you. We do not buy client data and process these as we feel that building customer relations is upon mutual respect, trust and the aim to provide our services to strengthen your data protection.
  • Job Application data (if applicable): CV’s, address and contact details.
  • Contract, proposal data, project data containing personal data: Client representing individuals by name, position, signature, procurement details, initials, escalation & services contacts.

 

Purpose of processing

The processing of personal data (including business data that refers to a natural person) is necessary for doing business with customers, the preparation and/or performance of our services and related invoicing and therefore necessary for the execution of contracts.

We share our knowledge with parties who are interested in receiving whitepapers, blogs, articles by social media (LinkedIn, Twitter, Facebook), mailings, newsletters, visiting our website, sign up for a workshop, following a training or wish to gain information about our services. The personal data needed to share our knowledge with you is provided by you on opt –in basis with your consent.

We register your visitor data for security reasons. In case of an incident we need to know who was in the building at the time of the incident, the data in that situation is necessary for the establishment, exercise or defence of legal claims.

More information?

If you would like to learn more about the processing of your personal data and your individual rights, please do not hesitate to contact our legal counsel: security@ctotech-cyber.vlasws.com