Privacy notice
This Privacy Notice has been adopted by SECURITYSIDE, CYBERSECURITY SERVICES, S.A. (hereafter SECURITYSIDE). We are committed to your privacy and have a duty to fulfil the provisions of the General Data Protection Regulation. The following information describes how SECURITYSIDE process personal data.
Our aim is to ensure that all personal data processed is kept safe and always secured, and that the personal integrity is respected.
To whom this privacy policy applies
This Privacy Notice applies to our processing of personal data relating to you:
(i) As Clients, Business Partners and institutions as well as distributors, counterparties, suppliers and other third parties of SECURITYSIDE. Being companies and organizations that are legal persons, the processing of personal data is in general limited to contact details of their employees and representatives.
(ii) As visitor of our public websites or social media profiles/pages or subscriber to our newsletter or other information from SECURITYSIDE;
(iii) As visitor at our offices where camera surveillance is conducted in accordance with the Portuguese Privacy Act and Law on Surveillance;
(iv) As regards candidates (internal or external) the relevant information will be provided as part of the application process according to our “Recruitment privacy notice”, available on https://www.securityside.com/careers;
(v) As being specifically referred to this Privacy Notice, e.g. by an agreement, contract a notice or similar.
As regards visitors of the SECURITYSIDE’s website, a SECURITYSIDE cookies policy describes how SECURITYSIDE is using, collecting, storing, and disposing of cookies when you visit and use our website, and aims to show you how we respect the privacy of all visitors to our site. This policy is available on https://www.securityside.com/cookies-policy.
Data controller and contact information
If you have any questions about this Privacy Notice or regarding the processing of your personal data or if you wish to exercise any of your rights under applicable data protection regulation, you can contact geral@securityside.com.
SECURITYSIDE, CYBERSECURITY SERVICES, S.A., with headquarters at Noto Office Center, 12252 Circunvalação Road, 2nd Floor, #202, 4460-282 Porto, Portugal.
Data security
Data security is a high priority for us. We will ensure that personal data are kept secure, both against external threats and internal threats. Although we use security measures to protect your personal data against unauthorized disclosure, misuse, or alteration, we cannot fully guarantee the security of information beyond our reasonable control.
In accordance with the law, SECURITYSIDE has taken technical and organizational measures to ensure that your Personal data is protected to the best of our abilities against accidental, or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. Your personal data will generally be stored in SECURITYSIDE databases or databases maintained by our service providers.
Lawfulness of the processing
Each processing activity requires a legal basis. We will only collect, process personal data fairly and lawfully and for specified purposes.
Typically, we process personal data when it is necessary (i) for the performance of a contract with the data subject or to fulfil a request from the data subject, or (ii) to comply with a legal or regulatory obligation.
Personal data may also be processed when it is necessary for the purposes of a legitimate interest, including such as to maintain our operational security and to manage risks. If a certain data process requires the prior consent by the data subject, we will collect such consent before carrying out the relevant processing activity. We will document in our records of processing activities the legal basis relied upon for each processing activity.
Whenever any personal data processing activity, whose the legal bases is the legitimate interest of SECURITYSIDE, an legitimate impact assessment will be carried out.
Special categories of personal data may only be processed if the data subject has given his or her explicit consent. If consent has not been given, special categories of personal data may, in principle, only be processed if it is necessary to exercise employment law rights or obligations or to justify a legal claim.
Personal data from children:
SECURITYSIDE will never knowingly collect any personal data from children under the age of 13. If we obtain actual knowledge that we have collected personal data from a child under the age of 13, that information will be immediately removed from any access. Because we do not collect such information, we have no such information to use or to disclose to third parties.
Information to the data subjects about the processing of personal data
A person whose data is to be processed, has the right to receive certain information before the processing activity is carried out. Such information shall include e.g. the identity of the data controller, the purposes of the processing and the legal basis, any recipients of the personal data and intentions to transfer the data outside EU/EEA, as also the data subject rights, and a data retention period.
We process personal data according to the following purposes and legal basis:
For our business purposes and legal obligations:
SECURITYSIDE uses Clients / Partners personal data to give support, including to answer inquiries. This usually requires certain personal information (for ex., to process demo request, technical issues, doubts/complains on products, customer support and inquiries, to analyze and process your application to join our partner network, etc.).
SECURITYSIDE also process personal data for business purposes, such as data analysis, audits, fraud monitoring and prevention, enhancing, improving or modifying our services to the needs of our clients, identifying usage trends, and any legal, regulatory, tax, accounting or reporting requirements
Lawful purposes for this processing:
Compliance with contractual obligations arising for the performance of a contract; SECURITYSIDE's legitimate interests; Legal obligations; Data subjects’ consent.
Marketing, and other promotions
With the client’s consent (when needed), SECURITYSIDE uses Client / Partners Personal Data to give information on SECURITYSIDE services, or to proceed with marketing communications or campaigns and promotions. This can be done through e-mail, ads, SMS, calls and postal correspondence, to the extent permitted by applicable legislation.
Some SECURITYSIDE promotions and campaigns are conducted on third party’s websites and/or social networks. This use of client Personal Data is voluntary, which means that the client may object or withdraw his consent every time he wishes to.
Lawful purposes for this processing:
Data subjects’ consent; SECURITYSIDE's legitimate interests.
For managing SECURITYSIDE website and social network services
SECURITYSIDE uses the Clients / Partners and Visitors Personal Data when he interacts with SECURITYSIDE website, for the website’s operations and/or management and with third-party social networking tools, such as the "Like" functions, to serve the client with ads and interact with him through third-party social networks. You can see more about how these tools work, what customer profile data SECURITYSIDE obtains, and choose to deny consent by reviewing the privacy policies of relevant social networks.
SECURITYSIDE’s website may contain links to other websites and incorporate content and services from other providers (e.g. YouTube, Facebook, Google, Twitter) who may use cookies and active components. SECURITYSIDE has no influence over how your data is processed on these websites or their compliance with provisions on data protection. Please note any data protection information they provide and that the option provided by SECURITYSIDE to configure settings for cookies on our cookies policy has no effect on cookies and active components from other providers (e.g. YouTube, Facebook, Google, Twitter). Please refer to the respective provider’s websites for information about how your data is handled. SECURITYSIDE assumes no responsibility for the processing of this kind of personal data by third parties.
SECURITYSIDE does not license or sell any personal information to third-party companies for its own marketing purposes, except in situations where the customer has given consent. The identity of these third parties will be disclosed at the time the client's authorization is requested.
Lawful purposes for this processing:
Data subjects’ consent; SECURITYSIDE's legitimate interests.
For our Academy and Training purposes:
SECURITYSIDE also process personal data for managing our Academy training programs, according to our contractual obligations with our Clients, Partners and other third parties.
Lawful purposes for this processing:
To perform of a contract; SECURITYSIDE legitimate interests; When we need to comply with a legal obligation.
Storage limitation
Personal data shall not be processed for a longer period than necessary for the purposes for which the personal data was collected. SECURITYSIDE shall retain your personal information only for the period strictly necessary for the:
(i) the provision of the SECURITYSIDE services,
(ii) compliance with the legal obligations to which SECURITYSIDE is obliged,
(iii) the pursuit of the purposes of collection or treatment of the operations identified above,
(iv) allow the exercise of the rights of Data subjects’ and the fulfilment of the corresponding obligations.
After this period, personal data will be deleted.
We maintain retention policies to ensure that Data subjects are informed of the period for which data is stored and/or how that period is determined.
Data transfers within our organization and/or outside of the EU/EEA
When personal data collected by SECURITYSIDE is processed by its employees or by suppliers and other partners, SECURITYSIDE engages all stakeholders through a “Commitment term” with its privacy policies.
When personal data is processed by a data processor on behalf of a data controller, a written data processing agreement (DPA) needs to be concluded between the data controller and data processor. When we act as a data controller, we shall ensure that DPAs are entered into with data that will process personal data on our behalf. Furthermore, personal data may not be transferred from the EU to countries outside of the EU/EEA, unless an available derogation is applicable to such transfer. Before transferring any personal data outside of the EU/EEA, we shall ensure that at least one of the derogations are applicable, e.g. by ensuring that the standard contractual clauses issued by the EU Commission are entered into with the entity receiving the personal data.
In that matter the application of the "Standard Contractual Clauses", general contractual clauses annexed to the Implementing Decision (EU) 202/914 of the European Commission of 4 June 2021. In accordance with general personal contractual clauses for the transfer of data to third countries under the GDPR are available at:
As also the recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data, from 18 June, 2021.
When we act as data processor
When we process personal data on behalf of another entity, e.g. acts as a data processor, we will:
Only act on the controller’s documented instructions. Impose confidentiality obligations on all personnel who process the relevant data. Ensure the security of the personal data that SECURITYSIDE process. Follow the rules regarding appointment of sub-processors. Implement measures to assist the controller in complying with the rights of data subjects. At the controller’s request, either return or destroy the personal data at the end of the relationship. Provide the controller with all information necessary to demonstrate compliance with the data protection regulation.
The rigths of the data subjects
Data subjects have the following rights, as further detailed in the applicable data protection legislation:
(i) a right to access (a record that shows, inter alia, what data is being processed about Data subject),
(ii) rectification,
(iii) erasure (right to be forgotten),
(iv) restriction of processing,
(v) portability,
(vi) objection and
(vii) a right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning Data subjects.
The data subject has the possibility to contact SECURITYSIDE and exercise his/her rights through geral@securityside.com.
Once the data subject's identity is verified, the request shall be responded to as soon as possible and at the latest within a month.
Data subjects have also the right to file a complaint with a supervisory authority if they believe that personal data has been processed in violation of data protection regulations.
Updated on May 13 2024