Privacy Policy

Information on the processing of personal data

Sec4good, s.r.o., with its registered office at Myslivečkova 882, 250 92 Šestajovice, ID No.: 17932114, a company registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, Insert 378876 (hereinafter referred to as Sec4good), provides two types of services, mainly in the field of B2B sales support (sales of companies to companies):

  • Development and provision of software tools
  • Security consulting.

Sec4good works with personal data about natural persons on a marginal basis. At Sec4good, we consider the protection of privacy and personal data to be of paramount importance and we only handle personal data in accordance with applicable legislation and often secure data beyond our legal obligations. We take the liberty of presenting this policy which explains what we do to ensure the confidentiality and security of personal data. A fundamental principle that Sec4good adheres to when dealing with personal data is that Sec4good does not share personal data with third parties (unless required to do so by law). Sec4good collects data about its potential current and past business partners primarily for marketing purposes.

The purpose of this document is to provide you with information about:

  • Who we are
  • What personal data we collect
  • How we assess the level of risk arising from the processing of personal data
  • What we use personal data for
  • How we handle personal data and the period for which we store personal data
  • From what sources we obtain personal data
  • To whom we provide personal data
  • Where you can get more information

1. Who we are

Sec4good s.r.o.
with registered office at Myslivečkova 882, 250 92 Šestajovice
IČO: 17932114
company registered in the Commercial Register kept at the Municipal Court in Prague, Section C, Insert 378876

2. What personal data we collect

Sec4good collects the following personal data in the context of business relationships:

  • Identification data of business partners: title, name, surname, e-mail, telephone.
  • For the analysis of website traffic, we store the IP address, browser language and estimated location according to geoIP.
  • Data on the use of Sec4good tools, if you are a user of our products

3. How we assess the level of risk arising from the processing of personal data

We assess the level of risk arising from Sec4good's processing of personal data as low. In the context of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) ("GDPR"), we do not identify any services, products or activities of Sec4good posing a "high risk" to the protection of personal data under Article 76. This assessment is based on the following facts:

  • Sec4good stores mainly personal data that is publicly available. Therefore, there can be no physical, tangible or intangible harm to the data subject under Article 75 caused by the leakage of such data.

4. For what purposes we use the data

We collect and store personal data for the following purposes:

  • Business risk assessment. In order to assess the risk arising from business cooperation (counterparty risk), it is necessary to clearly identify entities linked by ownership or at the level of statutory and authorised representatives.
  • Direct marketing and data management. Recital 47 of the GDPR states that "Processing of personal data for direct marketing purposes may be regarded as processing carried out for legitimate interest". For this purpose, Sec4good collects and processes physical addresses associated with business activities even if such address is also the residence of the natural person.
  • Performance under existing contractual relationships and contractual relationships under negotiation.

Sec4good does not use personal data for decision-making based solely on automated processing, including profiling, which has legal effects on the data subject or significantly affects him/her in a similar way within the meaning of Article 22 of the GDPR.

5. How we handle personal data

We process all personal data with the utmost care and every effort to protect such data, both as a processor and as a data controller. Among other things, the following measures ensure the protection of personal data:

  • Physical security: all physical servers on which personal data may reside are located in locked areas, in separate, individually lockable rooms in buildings with 24/7 (24 hours, 7 days a week) security. Access to these areas is monitored by name-assigned access cards.
  • Technological security: all devices on which personal data may reside or through which personal data may be accessed are secured with at least a username and password and firewall software. Personal data can only be accessed remotely via an encrypted connection. Some Sec4good tools may contain small amounts of personal data (e.g. if the user makes a note of it). Access to all Sec4good tools is therefore protected by a username and password.
  • Procedural security:Sec4good has a range of procedural safeguards for personal data. Some of the most important ones include:
    Access to personal data is restricted on a "need to know" basis, i.e. only a narrow range of people who need it for their work have access to it. A list of these persons is available for inspection at the Sec4good offices.
  • Legal security: all persons with access to personal data have been properly instructed on how to handle personal data and, conversely, what is inadmissible. All persons with access to personal data have been made aware of the obligation of confidentiality and have confirmed it by signing.
  • Code of Conduct for the handling of personal data: All persons who come into contact with personal data have been made aware of and understand the Sec4good Code of Conduct for dealing with personal data. This code is available for inspection at Sec4good headquarters.

We store personal data only for the time necessary to fulfil the purpose of processing. After this period, the personal data are fully anonymised and used only for statistical evaluation purposes. Specifically, the following period of time:

  • We retain the data for as long as necessary for the purposes of performance under the contract and for as long as necessary to comply with legal obligations or to protect our rights.
  • Data provided on the basis of the data subject's consent will be kept for the period specified in the consent. If you exercise your right to be forgotten or withdraw the consent given, the data will of course be kept for a shorter period.
  • Data on the use of Sec4good tools for as long as you have been a user of Sec4good tools + 6 months.

6. From which sources we obtain personal data

We obtain personal data from public sources such as commercial, trade and other registers, information portals, etc. We do not obtain personal data by direct enquiry or other non-public means.

7. To whom we provide personal data

We do not share personal information with any third parties unless required by law.

8. Where you can get more information

For further information, please do not hesitate to contact us at info@sec4good.cz , where we will be happy to answer your questions both generally and based on your rights under the GDPR, namely:

  • Right of access to personal data: you have the right to ask Sec4good to confirm whether your personal data is actually processed by Sec4good and, if so, you have the right to obtain access to that personal data and to the specified information. In such case, Sec4good will provide you with a copy of the personal data processed in the form of an extract from Sec4good's database once per current year free of charge, otherwise on payment of material costs.
  • Right to rectification: you have the right to have inaccurate personal data processed about you in the Sec4good database corrected without undue delay. You also have the right to have incomplete personal data completed, including by providing an additional declaration.
  • Right to erasure ("right to be forgotten"):you have the right to have your personal data deleted without undue delay if one of the grounds set out in the General Data Protection Regulation applies (e.g. because the personal data processed is not necessary for the purposes specified or because the processing is unlawful).
  • Right to restriction of processing: You have the right to have the processing of your personal data restricted if one of the grounds provided for in the General Data Protection Regulation (e.g. because of the inaccuracy of the personal data processed or the unlawfulness of its processing) is applicable.
    Please note that the right to data portability, i.e. The right to obtain personal data (which concerns you and which you have provided to the user) in a structured, commonly used and machine-readable format and the right to transmit this data to another controller without the user objecting, is not relevant in view of the nature of the processing of your personal data in the Sec4good database and we cannot therefore comply with requests concerning data portability.
  • Right to lodge a complaint: if you believe that the processing of your personal data in the Sec4good database violates the relevant legislation, in particular the General Data Protection Regulation, you may contact Sec4good with an objection to the processing of your personal data or with your complaint to the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7, www.uoou.cz.

We will provide you with the requested information and documents and/or information on the measures taken without undue delay, but no later than one month from the date of receipt of your request. In some cases, however, this period may be extended and we will inform you of this. If it is not possible to comply with your request, we will inform you of this fact and the reasons for it, including information about your other rights (the right to lodge a complaint and the right to judicial protection).

If necessary, we are entitled to ask you for additional information to confirm your identity in connection with your request. If we cannot establish your identity, we cannot normally comply with your request.

You can use your rights free of charge. If the requests made are manifestly unfounded or unreasonable, in particular because they are repetitive, we may charge you a reasonable fee or we may refuse to comply with your request.